An exploit taking advantage of an unpatched vulnerability in Internet Explorer (IE) has gone public. The flaw involves the way IE handles CSS style sheets on Windows 7 and Vista machines. Microsoft has not yet confirmed the vulnerability. The vulnerability is able to bypass two built-in Windows security features: Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) Microsoft says it’s investigating the vulnerability and will take “appropriate action to help protect customers” The exploit code was published Wednesday as part of an open-source hacking toolkit.
Source: https://thehackernews.com/2010/12/exploit-code-posted-for-new-internet.html