A critical vulnerability is identified in Internet Explorer versions 5+ and above. Security experts at MicroWorld Technologies say a malicious code named 'Exploit.HTML.VML' is being actively exploited by Pornographic and other shady websites to install Spyware and Trojans into user computers without their knowledge.

The vulnerability is found in the implementation of VML -Vector Markup Language- derived from XML and used in delivering vector graphics with geometrical shapes and mathematical equations, in Internet Explorer. File formats such as SWF(Flash), PDF(Adobe Acrobat), AI (Adobe Illustrator), EMF (Microsoft Enhanced Metafile) are examples of vector graphics.

'Exploit.HTML.VML' pushes other malware into computers by inducing a Stack Buffer Overflow, when a smartly crafted page with VML containing a long "fill" method inside a "rect" tag, is displayed in IE. In a typical scenario, Internet Explorer is seen crashing soon after the exploit is delivered.

Microsoft has confirmed that the vulnerability allows the malware author to execute arbitrary code on the attacked system while acknowledging that a successful intruder can gain local user rights on victim's computer. The corporation is working on a patch for the flaw and if the situation warrants, would go for an earlier release of it, before its monthly patching cycle scheduled on October 10.

"This is a Drive-by Download Attack using a Zero-day vulnerability, making it a definite case of clear and present danger," says CEO of MicroWorld Technologies, Govind Rammurthy. "Just by visiting shady websites, community portals or photo exchange sites where user posted content is hosted without much supervision, you could well be inviting sly malware right into your PC."

Mail Clients like Outlook Express that preview emails, using IE rendering mechanism, is also at equal risk, says Govind Rammurthy. Potential large scale attacks via email using VML embedded HTML, can be launched to invade user computers, where all you need is to view the mail, to be ambushed.

MicroWorld Security analysts suggest following actions to safeguard computers till the patch is out:

 

MicroWorld

MicroWorld (www.mwti.net ) is the developer of the world's first Real-Time Anti-Virus and Content Security software eScan for desktops and servers. Its communication security software, MailScan is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld Winsock Layer (MWL) is the revolutionary technology underlying these products, powering them to several certifications and awards by some of the most prestigious testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology, MicroWorld solutions provide a Real-Time Proactive security for your systems. For network security of enterprises, eConceal Firewall is the latest powerful offering from MicroWorld.

To learn more, kindly visit http://www.mwti.net.