A day after Patch Tuesday, Microsoft finds itself investigating reports of both a zero-day flaw affecting Internet Explorer 7 and a vulnerability in the WordPad Text Converter. Microsoft has not offered specifics as to when patches or security updates to fix the issues would be available.
A day after December's Patch Tuesday release Dec. 9, Microsoft found itself investigating reports of a zero-day bug affecting Internet Explorer 7 as well as attacks against an unpatched flaw in the WordPad Text Converter.
According to Vupen Security, exploit code for the IE flaw takes advantage of an issue with the parsing of malformed X M L content. However researchers at Symantec said the problem affects both the X M L parsing engine of IE 7 and the library MSHTML.DLL.