Threat of the month: IE exploits

What is it?
A zero-day vulnerability that affects Internet Explorer (IE) versions 6, 7 and 8 can be exploited to compromise a user's system.

How does it work?
The vulnerability is caused by a use-after-free error when handling the “CDwnBindInfo” object and can be exploited to dereference an already freed object in memory to gain control of the program flow. This allows an attacker to execute arbitrary code on a user's system with the user's privileges.
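
One common defence against this bug class, shown as an added example that is not from the original article or from Microsoft's code: callers hold generation-checked handles instead of raw pointers, so a reference to an already freed object fails to resolve rather than being dereferenced. All names (`bind_info`, `bind_create`, `bind_get`, `bind_release`) and the sample URLs are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not IE code. */
#define SLOTS 8

typedef struct { char url[32]; } bind_info;            /* stand-in object */
typedef struct { bind_info *obj; uint32_t gen; } slot;  /* table entry */
typedef struct { uint32_t index; uint32_t gen; } handle;

static slot table[SLOTS];

/* Allocate an object and return a handle that records the slot's generation. */
handle bind_create(const char *url) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].obj == NULL) {
            table[i].obj = calloc(1, sizeof(bind_info));
            if (table[i].obj == NULL) break;
            strncpy(table[i].obj->url, url, sizeof(table[i].obj->url) - 1);
            return (handle){ i, table[i].gen };
        }
    }
    return (handle){ SLOTS, 0 };   /* invalid handle: index out of range */
}

/* Resolve a handle; returns NULL for freed, reused or invalid handles. */
bind_info *bind_get(handle h) {
    if (h.index >= SLOTS) return NULL;
    slot *s = &table[h.index];
    if (s->obj == NULL || s->gen != h.gen) return NULL;
    return s->obj;
}

/* Free the object and bump the generation so old handles stop resolving. */
int bind_release(handle h) {
    bind_info *o = bind_get(h);
    if (o == NULL) return -1;      /* a second release is rejected */
    free(o);
    table[h.index].obj = NULL;
    table[h.index].gen++;
    return 0;
}

int main(void) {
    handle a = bind_create("http://example.test/a");   /* constructed input */
    bind_release(a);
    handle b = bind_create("http://example.test/b");   /* reuses a's slot */
    /* The stale handle 'a' must not resolve to b's object. */
    return (bind_get(a) == NULL && bind_get(b) != NULL) ? 0 : 1;
}
```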

Should I be worried?
If users are running an affected version of IE and their systems are not patched, they should exercise caution when visiting untrusted websites.

How can I prevent it?
Users are advised to upgrade to IE version 9 or 10. Microsoft has also provided a temporary Fix-It solution, which prevents exploitation of this issue. A proper patch was not released in the January security update. However, Microsoft is working on the vulnerability and is expected to issue a fix soon.
