There's a previously unknown buffer overflow vulnerability affecting Internet Explorer. Specifically, the new vulnerability exists within the Vector Markup Language (VML), a component that specifies vector images in an Extensible Markup Language (XML) document within IE. Current attacks try to execute Trojan horse programs that may allow remote access to a compromised system. While JavaScript is not necessary to exploit the vulnerability, the current attacks do use JavaScript. Thus the only workaround is to disable JavaScript within IE. See "How to disable Active Script in IE" for more details.
Zero-day attack on Internet Explorer
Zero-day attack on Internet Explorer
Robert Vamosi
Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.