FierceCIOFierceCIOTechWatchFierceMobileITFierceContentManagement   FierceVoIPFierceHealthITFierceFinanceIT

Firefox 2/IE 7 animated cursor exploit on the way

April 2, 2007 — 8:01pm ET
Tools
  • Email
  • Print
  • Comment
  • Digg
  • Reddit
Tags
IT Security
Hacking
Microsoft
Firefox
Software Patches
Mozilla
Software News
exploits
Microsoft Windows
Internet Explorer (IE)

In a column for ZDnet, George Ou reveals that security firm Determina plans to release a proof of concept animated cursor exploit that will allow attackers to hijack Mozilla 2 and IE7 running on Vista. An attack could allegedly be stopped by Microsoft's DEP (Data Execution Prevention) in Windows XP SP2 and Vista but is confoundingly turned off by default in most Windows programs. Interestingly enough, IE7 has the advantage here, as Ou writes, "What's interesting about this is the fact that Firefox doesn't have the benefit of Protected Mode under Vista, which can somewhat mitigate the damage that can be done if Internet Explorer 7 is exploited by this vulnerability." Determina is waiting for Mozilla to issue a patch before releasing the exploit code. As you will recall, Microsoft will be releasing a patch for the vulnerability today.

For more on the attack:
- see this ZDnet column

Be the first to comment

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.

More information about formatting options

What is 44 + 28?
To combat spam, please solve the math question above.