Home » Defense in Depth

No Patch Yet For IE 0-Day

Posted 4 Nov 2010 | Comments Off on No Patch Yet For IE 0-Day | 1,316 views

Next Tuesday is Patch Tuesday, but it does not include a patch for the recent IE 0-day vulnerability. The November bulletin mentions multiple Office versions, PowerPoint View and Foreront Unified Access Gateway.

Microsoft is currently investigating a vulnerability in Internet Explorer that they claim is due to an invalid flag reference. The advisory confirms that versions 6, 7, and 8 are vulnerable, while the version 9 betas are not listed. Exploit code circulating in the wild specifically targets versions 6 and 7, and it tries to force a drive-by download on the user. Other IE versions simply pull a blank page from the compromised site.

Comments are closed.