Vulnerabilitate în Internet Explorer

  • Posted on: 16 December 2008
  • By: Stefaniu Criste

A fost descoperită o vulnerabilitate critică în Internet Explorer.

Description:
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.

Successful exploitation allows execution of arbitrary code.

NOTE: Reportedly, the vulnerability is currently being actively exploited.

The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected.

Solution:
Do not browse untrusted websites or follow untrusted links.

sursa: http://secunia.com/advisories/33089/

Alte detalii si masuri temporare (la data scrierii acestui articol inca nu exista o solutie) gasiti la adresele: http://www.microsoft.com/technet/security/advisory/961051.mspx si respectiv http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-var...

Personal însă aş recomanda (cel puţin până apar mai multe clarificări) foosirea altui browser.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.