Researchers at Symantec say exploit code for a zero-day security vulnerability has been uncovered in Internet Explorer 6 and 7.
Proof-of-concept code for an attack targeting old versions of Microsoft Internet Explorer has made its way online.
According to Symantec, someone posted the code Nov. 20 to the Bugtraq mailing list. The code targets a flaw tied to how Internet Explorer (IE) uses cascading style sheet ( CSS ) information. CSS is used in many Web pages to define the presentation of the sites’ content.
The flaw is known to affect IE 6 and IE 7. The most current version of the browser, IE 8, is not thought to be impacted. IE 6 and IE 7 are still widely used however, and by one estimate account for roughly 41 percent of the Web browser market share.