Malicious CSS Codes Threaten Internet Explorer

"Investigating new, public reports of a vulnerability in all supported versions of Internet Explorer, and on completion of this investigation, Microsoft will take the appropriate action to protect our customers." - Microsoft
Microsoft has just issued a warning about an un-patched zero-day vulnerability of their browser Internet Explorer which leaves Windows open to attacks. The case, which was discussed in Microsoft’s Security Advisory 2488013, relates to Internet Explorer’s handling of malicious Cascading Style Sheet (CSS) code. This can be exploited to overwrite uninitialized memory and execute arbitrary code.
The flaw can be exploited via remotely run code under the account of the user by simply visiting a CSS webpage that contains the malicious code. Unfortunately, there is no fix yet, although Microsoft reports that they’re investigating the issue.
Read the rest of the article »