Internet Explorer is still vulnerable to protocol handler vulnerabilities, where arguments passed in a link that calls an external protocol handler are passed without filtering. Depending on the application that is being used to handle the external protocol, arbitrary code execution may result (such as is the case with the current FirefoxURL issue).

Description:

It has been discovered that Internet Explorer is still vulnerable to a well known class of vulnerabilities - where it is possible to run software of an attacker's choice by adding extra arguments to a web link. The most recent disclosure affects the FirefoxURL handler. Despite being known since 2004, it appears that this issue will continue to affect users. Exploit code is readily available for this, and other examples of the issue.

Mitigation:

Consider the use of an alternative browser until this issue can be remedied.

Updates:

Not Yet Available

Source:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit

Exploits:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit

Not Yet Identified