Internet Explorer - New 0 Day Exploit in the wild
The Internet will never be a trustworthy environment and we always need to be careful with email, IM, and websites. A new unpatched vulnerability has surfaced when can crash IE and more developments could occur. Please be careful with all sites you visit.
QUOTE: There is a new and unpatched vulnerability with exploit code in the wild that affects the latest version of IE. The exploit works by including an abnormally large (a couple thousand) number of script actions inside a single HTML tag. This will cause a memory array to write out of bounds and cause an immediate or eventual browser crash. Both McAfee and Symantec have released signatures to detect this exploit. While this is only a DoS vulnerability at the moment, there is ongoing attempts to try to use this as a vector for remote code execution.
McAfee and other AV vendors are adding detection, so please keep your AV software up-to-date with the latest virus signature files.
QUOTE: This detection covers malicious HTML files/messages that attempt to exploit a 0-day, buffer overflow vulnerability in the MSIE script action handler. Proof of concept code was posted to the web recently that results in a denial of service attack (crash) against Microsoft Internet Explorer browsers.