Threat of the month: IE exploits

Share this article:
Threat of the month: pdf.exe.zip files
Threat of the month: pdf.exe.zip files

What is it?
A zero-day vulnerability that affects Internet Explorer (IE) versions 6, 7 and 8 can be exploited to compromise a user's system.

How does it work?
The vulnerability is caused by a use-after-free error when handling the “CDwnBindInfo” object and can be exploited to de-reference an already freed object in memory to gain control of the program flow. This allows executing arbitrary code on a user's system – with the user's privileges.

Should I be worried?
If users are running an affected version of IE, then they should show caution when visiting untrusted websites if their systems are not patched.

How can I prevent it?
Users are advised to upgrade to versions 9 or 10. Microsoft has also provided a temporary Fix-It solution, which prevents exploitation of this issue. A proper patch was not released in the January security update. However, Microsoft is working on the exploit and is expected to issue a fix soon.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS