Forum latest

Zero-Day Exploits On IE7 Could Spread To Other Microsoft Browsers
General
Written by Daniel   
Tuesday, 16 December 2008 11:40

IE5, IE6, and the IE8 beta are also potentially vulnerable, software giant says

Dec 16, 2008 | 09:07 AM
By Tim Wilson
DarkReading

The zero-day vulnerability in Internet Explorer 7 can also be found in other versions of the Microsoft browser, but exploits can be avoided through a series of workarounds, Microsoft said yesterday.
The zero-day vulnerability reported last week has led to exploits that are still in the wild, confirmed in a security bulletin issued yesterday. Although the attacks so far have been only against versions of IE7, Microsoft also conceded that IE versions 5, 6, and the 8.2 beta are also potentially vulnerable.

"The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer," Microsoft says. "When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable."   [Comments...]

 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either