[funsec] MSIE 6/7/8 unpatched vulnerability confirmed
juha-matti.laurio at netti.fi
Wed Jan 20 15:54:59 CST 2010
So many references but so little time..
"While the public exploit only targets Internet Explorer 6 without DEP (Data Execution Prevention), VUPEN Security has confirmed reliable code execution with Internet Explorer 8 and permanent DEP enabled.
"Today we issued our Advanced Notification Service (ANS) to advise customers that we will be releasing MS10-002 tomorrow, January 21st, 2010.
We are planning to release the update as close to 10:00 a.m. PST (UTC -8) as possible.
This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of Critical.
It addresses the vulnerability related to recent attacks against Google and small subset of corporations, as well as several other vulnerabilities."
More information about the funsec