IE iepeers.dll Use-After-Free Vulnerability

Share this article:
What is it?
It's a zero-day vulnerability that surfaced in March in Internet Explorer (IE). It is caused by a “use-after-free” error within iepeers.dll – a core component of IE.

How does it work?
The error occurs when calling the “setAttribute()” method for an object having the “userData” behavior applied via the “#default#userData” behavior parameter, which is used for maintaining specific information across HTML sessions by saving it to a UserData store.

Should I be worried?
Yes, if using Internet Explorer 6 or 7. Users of IE 8 are not affected.

How can I prevent it?
Microsoft, fortunately, released an out-of-band security update (i.e., a patch release not scheduled for the usual second Tuesday of the month) in April to address the vulnerability. This update also fixes nine other vulnerabilities in various versions of the browser, so users should ensure that the latest patches are applied.

— Carsten Eiram, chief security specialist, Secunia
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

TOP COMMENTS

More in Opinions

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.

Securing the autonomous vehicle

Securing the autonomous vehicle

We are now in the fast lane towards a driverless future. Will we have to brake for hackers?

CISO: same title, new opportunities

CISO: same title, new opportunities

Despite big responsibilities compounded by a string of headline-grabbing data breaches, the skies are looking brighter for CISOs.