New MSIE 0-day is related to CSS attribute
Exploit code to Internet Explorer CSS Attribute Denial of Service Vulnerability has been released yesterday. The behavior of code is interesting:
When the “position” CSS attribute is set to HTML table only hovering cursor over malformed table triggers the flaw.
I’m not linking to the code. Reportedly MSIE 6.0.2900 SP2 is affected. Microsoft is aware about the issue.
However, If there are upcoming security advisories via mailing lists I will update this entry.
But the most interesting point is the future severity level. According to Microsoft vulnerability is Critical is no user interaction is needed to exploit the flaw. Is moving the mouse pointer user activity?