Security Alert - Microsoft Internet Explore 7 (IE7) 0-day Exploit

1.0 Introduction

TechLabs has received reports from other security teams regarding the availability of a 0-day exploit targeting Microsoft Internet Explorer 7.

As of this writing, there is not patch available from Microsoft. Users should take note that the recent cumulative fix released by Microsoft ( does not protect them from this exploit.

2.0 Impact

The exploitation requires users to visit a site that contains the exploit code. Successful  exploitation allows remote code execution by the attacker.

3.0 Affected Products and Platforms

IE7 on Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008

4.0 Mitigation

As currently there is no fix available from Microsoft, users are encouraged to apply mitigation techniques proposed by in [1] if they wish to use IE7. Users may also consider using alternative browsers such as Mozilla Firefox or Opera while waiting for the problem to be resolved.

In addition, system administrator may block traffic from the internal network going to known
IE7 exploit sites that are published by ShadowServer Foundation in [2].

5.0 References

* Microsoft Security Advisory on IE 7 Vulnerability
* IE 7 Exploit Sites -
* SANS Handlers Diary -
* Trend Micro Blog -
* Symantec Blog -

6.0 Suggestion

For those who're using IE 7, adviseable to stop and use firefox, google chrome. Download HERE
Share this article :
Next Post »
Check Page Rank
Copyright © 2010 Blog Blue Box - All Rights Reserved
Template By. Kunci Dunia
Back To Top