Only a day after the recent out-of-band Internet Explorer vulnerability patch, a new un-patched Internet Explorer flaw could leave thousands of users at risk.
The new attack uses smaller un-patched vulnerabilities in Internet Explorer, small enough they couldn’t compromise a system, but together they can overwhelm Internet Explorer and give access to a users machine if the individual clicks on a malicious link. Jorge Luis Alvarez Medina said to Reuters, "There are three or four ways to conduct this type of attack." Alvarez Medina is a security consultant with Boston-based Core who have been researching Internet Explorer weaknesses.
The smaller exploits triggers four or five minor exploits at the same time, by three or four different methods to trigger the attack.
Alvarez Medina said that the attack uses a string of four or five minor exploits in Internet Explorer. The vulnerability will be demonstrated at the yearly Black Hat Security conference, which will take place on February 2, 2010.
Thanks to franzon for the news tip