Threat of the month: IE exploits
Threat of the month: pdf.exe.zip files
What is it?
A zero-day vulnerability that affects Internet Explorer (IE) versions 6, 7 and 8 can be exploited to compromise a user's system.
How does it work?
The vulnerability is caused by a use-after-free error when handling the “CDwnBindInfo” object and can be exploited to de-reference an already freed object in memory to gain control of the program flow. This allows executing arbitrary code on a user's system – with the user's privileges.
Should I be worried?
If users are running an affected version of IE, then they should show caution when visiting untrusted websites if their systems are not patched.
How can I prevent it?
Users are advised to upgrade to versions 9 or 10. Microsoft has also provided a temporary Fix-It solution, which prevents exploitation of this issue. A proper patch was not released in the January security update. However, Microsoft is working on the exploit and is expected to issue a fix soon.