Últimas Notícias

Researchers from BitDefender® have issued a signature update to protect users from a newly discovered vulnerability in Microsoft Internet Explorer 7. BitDefender is the first security vendor to issue an update, protecting users from targeted hacking attacks that exploit a vulnerability in the way Microsoft Internet Explorer 7 or higher parses webpages in preparation for printing. The exploit allows a remote attacker to execute arbitrary code on a victim's machine if the victim tries to print a specially-crafted webpage, while including a table of links.

"The exploitable vulnerability results from a combination of coding mistakes and sloppy security thinking,” said BitDefender Innovations Product Manager Alexandru Balan. “The code has numerous bugs but it is also executed in a lower-security context than it should be and the combination opens a way for hackers to compromise a system."

BitDefender researchers warn that the exploit is well-suited for use in targeted attacks and advise all users of Internet Explorer who do not have BitDefender installed to refrain from printing webpages with the “Print Table of Links” option enabled until a fix is released. BitDefender is, as of the time of writing, the only company that has released a signature able to detect and block malicious code based on this exploit.

A video demonstration of the IE7 exploit can be found on youtube.

The vulnerability was discovered by independent security researcher Aviv Raffon, who also released the proof-of-concept code. An in-depth description can be found Aviv Raffon site.