Hackers exploit old Internet Exploder bug

[Alpine]

VML hole returns but this time it is personal

A BUG in IE, which first appeared last year, is being exploited again.


The flaw uses Vector Markup Language which is a rarely used, Microsoft-only Internet graphics format.

At the time, hackers had several successes at exploiting the hole before Microsoft released a patch. Now a very similar VML flaw is being seen in the wild.

The bug allows a hacker to take control of a computer or download adware on a PC using Windows XP Service Pack 2 or Windows 2000 SP 4.

All the victim needs to do is visit a site that has been salted with a dodgy image and it is good night Vienna. The flaw exists in IE 6 and 7 unless the operating system is Vista. Vole has issued a patch. More here.