IE iepeers.dll Use-After-Free Vulnerability

Share this article:
What is it?
It's a zero-day vulnerability that surfaced in March in Internet Explorer (IE). It is caused by a “use-after-free” error within iepeers.dll – a core component of IE.

How does it work?
The error occurs when calling the “setAttribute()” method for an object having the “userData” behavior applied via the “#default#userData” behavior parameter, which is used for maintaining specific information across HTML sessions by saving it to a UserData store.

Should I be worried?
Yes, if using Internet Explorer 6 or 7. Users of IE 8 are not affected.

How can I prevent it?
Microsoft, fortunately, released an out-of-band security update (i.e., a patch release not scheduled for the usual second Tuesday of the month) in April to address the vulnerability. This update also fixes nine other vulnerabilities in various versions of the browser, so users should ensure that the latest patches are applied.

— Carsten Eiram, chief security specialist, Secunia
Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in Opinions

Sign up to our newsletters

More in Opinions

Falling off the 'Wagon of Things'

Falling off the 'Wagon of Things'

The Internet of Things promises so much. And so the question arises, how are we going to keep all this 'stuff' safe and secure?

Know your traffic: The case for egress monitoring and filtering

Know your traffic: The case for egress monitoring ...

Our networks are our field; no one knows our network better than us, the people who maintain it. We need to use that to our advantage.

Breach shaming and the need for a new model to discuss data breaches

Breach shaming and the need for a new ...

The breach shaming trend impedes forward progress in preventing such incidents in the future and leaves consumers worrying without educating them.