Alerts
Alerts
Zero-Day Tracker
Common Name:
Microsoft Internet Explorer 7 XML Zero-Day
Date Disclosed:
11/15/2008
Expected Patch Release:
Unknown
Vendor:
Microsoft
Application:
IE7 on Windows XP
IE7 on Windows Server 2003
IE7 on Windows Vista Unconfirmed for Reliable Exploitation
Description:
A vulnerability exists within Internet Explorer 7 that allows an attacker to execute arbitrary code on a victims machine if they visit a malicious website.
Exploit code for this has been publicly released in a public forum and exploitation has been seen in-the-wild.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
Internet Explorer remote code execution vulnerabilities have very high impacts since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
No mitigation strategies exist for Internet Explorer.
Protection:
Links:
Press Attention
Status:
11/15/2008 In-The-Wild Exploitation Witnessed By 3rd Party
12/9/2008 Reliable Exploit Code Identified by eEye Research
Common Name:
Microsoft Internet Explorer 7 XML Zero-Day
Date Disclosed:
11/15/2008
Expected Patch Release:
Unknown
Vendor:
Microsoft
Application:
IE7 on Windows XP
IE7 on Windows Server 2003
IE7 on Windows Vista Unconfirmed for Reliable Exploitation
Description:
A vulnerability exists within Internet Explorer 7 that allows an attacker to execute arbitrary code on a victims machine if they visit a malicious website.
Exploit code for this has been publicly released in a public forum and exploitation has been seen in-the-wild.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user
Internet Explorer remote code execution vulnerabilities have very high impacts since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
No mitigation strategies exist for Internet Explorer.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Links:
Press Attention
Status:
11/15/2008 In-The-Wild Exploitation Witnessed By 3rd Party
12/9/2008 Reliable Exploit Code Identified by eEye Research