Crime Groups Use IE To Exploit Windows Weakness

Online crime groups reportedly are using Internet Explorer as an attack vector against a Windows Shell vulnerability. Several third-party patches have already surfaced for the flaw, and Microsoft plans to issue a patch October 10 in addition to prepatch workarounds already provided. Attackers use IE to trigger an integer overflow error.

According to Exploit Prevention Labs in Atlanta, two online crime groups are hacking into Web sites and message boards to plant a malicious HTML tag. Web surfers visiting the legitimate site are redirected to an exploit server that attempts to deposit up to eight different exploits onto the visitor’s computer.

eWeek, 30 September 2006