Threat of the month: IE exploits

IE exploits are the "Threat of the Month"

What is it?
A zero-day vulnerability that affects Internet Explorer (IE) versions 6, 7 and 8 can be exploited to compromise a user's system.

How does it work?
The vulnerability is caused by a use-after-free error in the handling of the “CDwnBindInfo” object. It can be exploited to dereference an already freed object in memory and gain control of the program flow, which allows arbitrary code to be executed on a user's system with the user's privileges.

Should I be worried?
Users running an affected version of IE on an unpatched system should exercise caution when visiting untrusted websites.

How can I prevent it?
Users are advised to upgrade to IE version 9 or 10. Microsoft has also provided a temporary Fix-It solution that prevents exploitation of this issue. A proper patch was not released in the January security update; however, Microsoft is working on the issue and is expected to release a fix soon.
