20 May 2008

BitDefender is the first security vendor to issue update

Researchers from BitDefender have issued a signature update to protect users from a newly discovered vulnerability in Microsoft Internet Explorer 7. BitDefender is the first security vendor to issue an update, protecting users from targeted hacking attacks that exploit a vulnerability in the way Microsoft Internet Explorer 7 or higher parses webpages in preparation for printing. The exploit allows a remote attacker to execute arbitrary code on a victim's machine if the victim tries to print a specially crafted webpage with the table of links included.

"The exploitable vulnerability results from a combination of coding mistakes and sloppy security thinking," said BitDefender Innovations Product Manager Alexandru Balan. "The code has numerous bugs but it is also executed in a lower-security context than it should be and the combination opens a way for hackers to compromise a system."

BitDefender researchers warn that the exploit is well-suited for use in targeted attacks and advise all users of Internet Explorer who do not have BitDefender installed to refrain from printing webpages with the "Print Table of Links" option enabled until a fix is released. BitDefender is, as of the time of writing, the only company that has released a signature able to detect and block malicious code based on this exploit.

A video demonstration of the IE7 exploit can be found on YouTube.

The vulnerability was discovered by independent security researcher Aviv Raffon, who also released the proof-of-concept code. An in-depth description can be found on Aviv Raffon's site.
