State-sponsored attackers likely used IE hole to target Gmail accounts2012.06.14 08:18 by Daniela
Tags: Gmail, IE
Microsoft and Google have warned about a new Internet Explorer zero-day being exploited to break into GMail accounts. The issue first started to crop up last week at which time, Gmail users that had their accounts breached, were given an alert message upon signing into their account stating that they were potentially a victim of "state sponsored attackers" who were trying to gain access to their gmail account.
The browser flaw, which is currently unpatched, expose Windows users to remote code execution attacks with little or no user action (drive-by downloads if an IE users simply surfs to a rigged site):
In its security advisory on the issue, Microsoft acknowledges the Google Security Team for working with the company on the MSXML Uninitialized Memory Corruption Vulnerability. Microsoft also thanks a Chinese security team, Qihoo 360 Security Center, for reporting the vulnerability.
Read more -here-