A newly announced Internet Explorer zero-day exploit is apparently being used to hijack the
accounts of a number of Gmail users.
ZDNet.com reports that both Microsoft and Google have sent out their own security advisories about this issue. The exploit works just by an IE user surfing over to an infected website.
According to Microsoft's statement:
An attacker would have no way to force users to visit such a
website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.
