IE iepeers.dll Use-After-Free Vulnerability

What is it?
It's a zero-day vulnerability that surfaced in March in Internet Explorer (IE). It is caused by a “use-after-free” error within iepeers.dll – a core component of IE.

How does it work?
The error occurs when the “setAttribute()” method is called on an object that has the “userData” behavior applied via the “#default#userData” behavior parameter. This behavior is used to maintain specific information across HTML sessions by saving it to a UserData store.

Should I be worried?
Yes, if using Internet Explorer 6 or 7. Users of IE 8 are not affected.

How can I prevent it?
Microsoft, fortunately, released an out-of-band security update (i.e., a patch release not scheduled for the usual second Tuesday of the month) in April to address the vulnerability. This update also fixes nine other vulnerabilities in various versions of the browser, so users should ensure that the latest patches are applied.

— Carsten Eiram, chief security specialist, Secunia