Internet Explorer is reeling from yet another zero-day exploit, this time causing the browser to crash or tricking users into visiting a malicious web page.
The new exploit, which was published to the BugTraq mailing list at the weekend, affects Internet Explorer 6 and 7, according to Symantec researchers.
Symantec said that the malware exhibits signs of "poor reliability", but that a "fully-functional reliable exploit" is likely to be available soon.
The issue is caused by a memory corruption error in the Microsoft HTML Viewer when retrieving certain CSS/STYLE objects, explained researchers from vulnerability research firm Vupen Security in a security advisory.
This could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page, the firm added.
Symantec said in a blog post that a successful attack would require the attacker to "lure victims to their malicious web page or a web site they have compromised".
"To minimise the chances of being affected by this issue, Internet Explorer users should ensure their anti-virus definitions are up to date, disable JavaScript and only visit web sites they trust until fixes are available from Microsoft."
.png&h=140&w=231&c=1&s=0){kind=logo}
_(22).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
