Threat of the month: IE zero-day vulnerability

Share this article:
Threat of the month: IE zero-day vulnerability
Threat of the month: IE zero-day vulnerability

What is it?

A zero-day vulnerability affecting Internet Explorer (IE) versions 6 through 11. 

How does it work?

It exists in the HTML rendering engine, mshtml.dll, within the CDoc::SetMouseCapture function and is a use-after-free issue. By de-referencing already freed memory in a controlled manner, attackers can execute arbitrary code on a user's system when viewing a specially crafted web page.

Should I be worried?

Current exploits are known to target IE versions 8 and 9 for Windows XP and Windows 7 only, and rely on hxds.dll, a library provided by Microsoft Office in order to ensure reliable exploitation. As the core vulnerability is not restricted to these versions of IE and Windows nor requires Office to be installed, all users should be cautious.

How can I prevent it?

Microsoft has issued a temporary ‘Fix it' solution for 32-bit versions. As a workaround, users can limit exposure by disabling Active Scripting support, though this will impact
usability on some sites.

Share this article:
close

Next Article in Threat of the Month

Sign up to our newsletters

More in Threat of the Month

Threat of the month: Network deperimeterization

Threat of the month: Network deperimeterization

Security professionals should be aware of network deperimeterization, which decreases the usefulness of network edge security devices and increases the potential for device infection and data loss.

Threat of the month: Drive-by download

Threat of the month: Drive-by download

The pervasiveness of drive-by downloads has made it our threat of the month for May.

Threat of the month: Linksys router zero-day

Threat of the month: Linksys router zero-day

This month's vulnerability is currently being exploited by a worm known as "TheMoon."