Just days after Microsoft's September Patch Tuesday announcement, Security Response has confirmed that there is a new Internet Explorer zero-day vulnerability. Because this is an unpatched vulnerability with proof-of-concept exploit code available, Symantec Security Response is considering this to be rated as "critical". The vulnerability itself was announced by XSec.
Upon further analysis, we have determined that the vulnerability is, in fact, a buffer overflow related to how Internet Explorer tries to instantiate a certain DirectAnimation COM object as an ActiveX control. At this point, we believe that successful exploitation of this vulnerability may allow an attacker to remotely execute code on the compromised system.
There is no patch available from Microsoft for this particular zero-day exploit, as of yet. In order to provide proactive protection to our customers against malicious attacks that attempt to leverage the vulnerability, Symantec Security Response is releasing intrusion prevention (IPS) signatures for this issue. Customers are advised to ensure that they have the latest security updates installed.