A new exploit targeting Internet Explorer has been published on the BugTraq mailing list. According to Symantec, the exploit takes advantage of a critical cascading style sheet (CSS) vulnerability.
"[We] conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well. [However], the exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future," Symantec explained in an official blog post.
The latest Zero Day IE exploit has also been confirmed by Vupen Security, which provided a detailed description of the vulnerability.
"This [exploit] is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the 'getElementsByTagName()' method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page."??
It should be noted that Vupen Security lists the exploit as only affecting versions 6 and 7 of Internet Explorer.??