Older IE Versions Left Vulnerable to Poison Ivy Trojan

(Ping! Zine Web Tech Magazine) – Tech giant Microsoft was left having to address a new security vulnerability found in older versions of its Internet Explorer web browser recently.

A new exploit related to the Zero Day vulnerability was discovered, allowing hackers to attack computer systems with the Poison Ivy trojan virus.

The issue was picked up on last week by security guru Eric Romang of ZATAZ.com who noticed the issue when analyzing servers used in a previous 0 day exploit related to Java. Dangerous files were noticed in the directory /public/help.

Romang noted the source appeared to come from Nitro. Microsoft later responded, issuing a security advisory on Monday.

“A remote code execution vulnerability exists in the way that Internet Explorer accesses an object that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website,” noted Microsoft via its blog.

Versions of Internet Explorer affected include IE 7 and 8. Microsoft, meanwhile, has said it might provide a fix via a security update.

Last month, analysts urged users to take action when a security vulnerability was noticed to be plaguing Java. That too, allowed malware with Geek.com reporting it originated in China.

Advertisement