According to an analysis by security firm VUPEN, Microsoft IE users are at risk of being exploited by attackers, who can take complete control of their system. The exploit code was posted on Microsoft’s Security Bulletin and said that it affected Internet Explorer versions 6, 7 and 8 which are being used across various Windows platforms.
VUPEN.com states that a “vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a use-after-free error within the “mshtml.dll” library when processing a web page referencing a CSS (Cascading Style Sheets) file that includes various “@import” rules, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
VUPEN has confirmed this vulnerability with Microsoft Internet Explorer 8 on Windows 7, Windows Vista SP2 and Windows XP SP3 and with Internet Explorer 7 and 6 on Windows XP SP3.
Microsoft will release a final patch for the year 2010 on December 14 (Tuesday), which will contain 17 security bulletins and 40 security fixes. Microsoft has stated that they are ‘investigating' the new exploit and will take appropriate action to safeguard its consumers.