Blog
Abhijit Kulkarni

Internet Explorer vulnerability could allow Remote Code Execution

March 9, 2010
0
Estimated reading time: 1 minute

If you are using an older version of Internet Explorer (IE 6 or IE 7), you have a strong reason to upgrade to Internet Explorer 8.

Attackers are exploiting a security bug in the older versions of Internet Explorer that allows them to remotely execute a malicious code. The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

Microsoft said “At this time, we are aware of targeted attacks attempting to use this vulnerability.” The vulnerability exists in Internet Explorer 6 and Internet Explorer 7 and not in Internet Explorer 8.

This Internet Explorer vulnerability is different from the one which I had blogged last week under Internet Explorer .HLP vulnerability on Windows XP.

Quick Heal’s Browsing Protection feature protects Quick Heal users from the attacks exploiting this vulnerability.

Moreover, we still recommend all the Internet Explorer 6 and Internet Explorer 7 users to upgrade to Internet Explorer 8.

Microsoft Security Advisory is at the following link:
http://www.microsoft.com/technet/security/advisory/981374.mspx

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image