Internet Explorer 7, Word Pad Hit By Zero-Day Vulnerabilities

Microsoft has apparently confirmed the fact that a new vulnerability in Internet Explorer was not patched in the major update that was released on Tuesday.

A spokesperson from Microsoft assured its users that the company is looking into the new vulnerability and its investigations are underway.

Reports of the new vulnerability in the Internet Explore first began to surface in China and soon security experts started to mention the possibility of the bug spreading across multiple malicious domains.

Currently though researchers are still trying to figure out the exact nature of the bug with differences cropping up amongst some of them regarding the expanse of the vulnerability.

While HD Moore from Break Point Systems seems to believe that the flaw originates out of Internet Explorer’s handling of the ‘span’ tag, others including the likes of Ben Greenbaum from Symantec have attributed the flaw to a dll file that is responsible for rendering various kinds of HTML content in the browser.

To prevent the bug from comprising systems, Symantec has recommended users to enable data execution prevention in Internet Explorer and disable JavaScript.

Though as of now Microsoft has not promised a patch to deal with this flaw, it is expected that the company will release one after its investigations are complete.