Incident Response, TDR, Vulnerability Management

Threat of the month: IE zero-day vulnerability

What is it?

A zero-day vulnerability affecting Internet Explorer (IE) versions 6 through 11. 

How does it work?

It exists in the HTML rendering engine, mshtml.dll, within the CDoc::SetMouseCapture function and is a use-after-free issue. By de-referencing already freed memory in a controlled manner, attackers can execute arbitrary code on a user's system when viewing a specially crafted web page.

Should I be worried?

Current exploits are known to target IE versions 8 and 9 for Windows XP and Windows 7 only, and rely on hxds.dll, a library provided by Microsoft Office in order to ensure reliable exploitation. As the core vulnerability is not restricted to these versions of IE and Windows nor requires Office to be installed, all users should be cautious.

How can I prevent it?

Microsoft has issued a temporary ‘Fix it' solution for 32-bit versions. As a workaround, users can limit exposure by disabling Active Scripting support, though this will impact
usability on some sites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.