Internet Explorer Vulnerability Allows Trojan Spreading

Microsoft has fixed a new vulnerability (CVE-2010-3962) in all Internet explorer versions except Internet Explorer 9 Beta. The bug could Allow Remote Code Execution on victim machines.

About this vulnerability Symantec stated that by visiting an infected website a Backdoor.Pirpi may be executed and runs in the background of the operating system .The backdoor can perform the following actions:

• Set and display configuration data
• Execute commands using cmd.exe
• Download and upload files
• List and end processes
• End commands
• Remove the backdoor

So a successful attack allows attackers to take complete control of the vulnerable system.

Currently the vulnerability is related to errors in the objects removing mechanism from application memory. Microsoft is planning to release a patch for this vulnerability for the IE9 Beta on next Tuesday update 9th of November. But if the number of attacks that exploit this vulnerability will increase, Microsoft is ready to release an urgent security update.

make sure you subscribe to my RSS feed!