Zero Day IE exploit in the Wild


Sunbelt blog has reported that they have evidence that a Zeroday (also know as 0day) exploit is in the wild.

The exploit uses a bug in VML in Internet Explorer to overflow a buffer and inject shellcode. It is currently on and off again at a number of sites.

Security researchers at Microsoft have been informed.

The attack can be mitigated by turning off Javascript.

To turn off Java Scripting open IE, going to tools, options, security tab, then click “Custom Level”, and scroll almost to the bottom to “Scripting”, and set “Scripting of Java Applets” to disable. You can also set the custom settings to high and it will do the same thing.

Leave a Reply