Security firm FireEye Labs has discovered a new zero-day vulnerability in Internet Explorer 9 and 10. Vulnerability allows an attacker to install malware on uninformed systems.
According to their research, the attack is done with the help of a website whose HTML code has been modified by the attacker.
"OR HTML / JavaScript webthe attacker's page runs one Flash object, which orchestrates the rest of it exploit. It exploit is a vulnerability in IE 10 that is built into JavaScript, ”explains FireEye Labs.
Until now, the vulnerability has been shown to affect Internet versions Explore 9 και 10 που χρησιμοποιούν το Adobe Flash, ενώ η Microsoft επιβεβαιώνει ότι επί του παρόντος διερευνά τις αναφορές και προσπαθεί να καθορίσει τον τρόπο που λειτουργεί το exploit.
"Microsoft is aware of limited, targeted attacks against Internet Explorer 9 and 10," a Microsoft spokesperson told TNW. ” As our investigation continues, we recommend that our customers upgrade to Internet Explorer 11 for additional protection. "