A new vulnerability found in Microsoft Internet Explorer affects Internet Explorer version 8. The vulnerability allows attackers to execute code on a machine by just having the user visit a malicious website. This can happen, for example, when the user is tricked into clicking a link in an email or via compromised legitimate websites such as the recently compromised Department of Labor website which was subsequently used in a water-hole attack. Malicious payloads delivered from this compromise were confirmed by Microsoft to exploit the new vulnerability, designated CVE-2013-1347.
…(read more)