June 14, 2021

Critical Vulnerability in Internet Explorer

VUPEN, an IT security research company has reported a critical vulnerability in Internet Explorer that has been known for about two weeks.

security news at livehacking.com

With reference to VUPEN security advisory, a vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a use-after-free error within the “mshtml.dll” library when processing a web page referencing a CSS (Cascading Style Sheets) file that includes various “@import” rules, which could allow remote attackers to execute arbitrary code via a specially crafted web page.

VUPEN has confirmed this vulnerability with Microsoft Internet Explorer 8 on Windows 7, Windows Vista SP2 and Windows XP SP3, and with Internet Explorer 7 and 6 on Windows XP SP3. Microsoft has yet to respond and it is not know if or when a patch will be released.

Download Metasploit Framework exploit Code for this vulnerability here.