Microsoft confirmed that there has been recent reports of attacks on Internet Explorer using a previously unknown flaw in its VML. VML stands for Vector Markup Language, and is used to display graphic information on the web. This type of malicious code is called exploits. As the name suggests, exploits are code and software created to take advantage of security vulnerabilities in programs and operating systems. They are often used to install malware onto an unsuspecting victim’s computer. This particular exploit allows the attacker to execute arbitrary code on the user’s system, installing a host of malware onto the system.
The attack was first reported by researchers of the Sunbelt Software, Inc. on September 18, and is currently hosted on on a handful of sites. But based on previous browser-oriented attacks it might not be long before legitimate sites are affected. This attack works on all versions of Windows running the IE 6 browser, including fully-patched machines. It is believed that an exploit kit called Web Attacker has been updated to include code to exploit this vulnerability. This exploit kit is sold underground and can be used to easily develop malware.