Israeli security researcher develops IE superhack

I was intrigued to read over on the IDG newswire that Israeli security research Aviv Raff claims to have developed a zero-day attack methodology against Internet Explorer.

Except that, although he plans to reveal his methodology later today (and he has -Ed) his example attack - which reportedly works well - is currently hidden from Netters.

"Somewhere in my blog, I embedded a proof-of-concept code which exploits this zero-day vulnerability," Raff wrote in his blog last week.

The security flaw, which reportedly affects IE 7.x and 8.x, is claimed to allow a hacker to install any piece of code on the user's PC.

Raff claims to have informed Microsoft of his findings last week, but - guess what - the software giant we all love to hate has not patched it yet.

From what I can gather, for Raff's attack to work, the hacker must first install a small HTML code applet on a Web site and then persuade the victim to use a specific Internet Explorer feature on that page.

Clever stuff. Read more here...