IE exploits are the "Threat of the Month"

Share this article:
Threat of the month: pdf.exe.zip files
Threat of the month: pdf.exe.zip files

What is it?

A 0-day vulnerability that affects all supported versions of Internet Explorer and can be exploited to compromise a user's system.

How does it work?

The vulnerability is caused by a use-after-free error when handling the “execCommand” method and can be exploited to dereference an already freed CMshtmlEd object in memory to gain control of the program flow. This allows executing arbitrary code on a user's system with the user's privileges.

Should I be worried?

Users should show extreme caution when visiting untrusted web sites if their systems are not fully patched.

How can I prevent it?

Shortly after information on the 0-day was released, Microsoft confirmed the vulnerability via a security advisory and provided a temporary Fix-it solution. On Sept. 21, Microsoft released an out-of-band security bulletin, MS12-063, which addressed the 0-day vulnerability along with four other potential remote code execution bugs. 

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Threat of the Month

Sign up to our newsletters

TOP COMMENTS

More in Threat of the Month

Threat of the month: Passwords

Threat of the month: Passwords

The argument around the use of passwords and their relevancy today continues to increase.

Threat of the month: Network deperimeterization

Threat of the month: Network deperimeterization

Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.

Threat of the month: Drive-by download

Threat of the month: Drive-by download

The pervasiveness of drive-by downloads has made it our threat of the month for May.