Websense Security Labs(TM) has received reports of a new Internet Explorer “zero-day” vulnerability that could allow the launching of code without consent from the end user. The vulnerability, which has no patch available, exploits I.E. and can execute code without user consent.
Websites are specially crafted to exploit the text range vulnerability.
The websites are intended to exploit the vulnerability which in turn runs shell code that downloads an SDbot variant. The SDbot variant takes several actions, then connects to an IRC server to await further commands. In our testing none of the detected sites successfully downloaded the SDbot variant. Our honeypot clients are currently scanning for malicious websites that are using this vulnerability and have detected sites using it. We are issuing
Real Time Security Updates as we detect these sites.