Vulnerabilities have moved into the focus of many Internet users. This time it is a new 0-day vulnerability for Microsoft's Internet Explorer that could allow remote code execution on the target system. The critical vulnerability affects all versions of the browser from Internet Explorer 6 to 8, but mitigating factors exist that protect the system or reduce the impact of the vulnerability.
The vulnerability exists due to an invalid flag reference within Internet Explorer. Under certain conditions, the invalid flag reference can be accessed after an object is deleted. A specially crafted attack can use the browser's attempt to access the freed object to achieve remote code execution.
Internet Explorer users can block the attack fully by blocking the execution of ActiveX controls and Active Scripting in the preferences.
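To check whether that mitigation is actually in place on a machine, the following added example (not part of the original article or of Microsoft's Fix It) reads the Internet zone URL actions for Active Scripting (1400) and ActiveX execution (1200). It assumes the standard zone registry layout and uses a simplified precedence in which the policy hives are checked before the per-user setting.

```powershell
# Added example: audit whether Active Scripting and ActiveX execution are
# blocked for the Internet zone (zone 3).
# Assumption: simplified precedence, policy hives first, then per-user value.
$zonePaths = @(
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# URL action IDs and the settings they control.
$actions = @(
    @{ Id = '1400'; Name = 'Active scripting' },
    @{ Id = '1200'; Name = 'Run ActiveX controls and plug-ins' }
)

# Meaning of the DWORD stored under each URL action.
$meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled'; 65536 = 'Administrator approved' }

function Get-ZoneActionState {
    param([string[]]$Paths, [string]$ActionId)
    foreach ($p in $Paths) {
        # A missing key or value returns nothing; fall through to the next hive.
        $item = Get-ItemProperty -Path $p -Name $ActionId -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return New-Object PSObject -Property @{ Source = $p; Value = [int]$item.$ActionId }
        }
    }
    return $null
}

foreach ($a in $actions) {
    $state = Get-ZoneActionState -Paths $zonePaths -ActionId $a.Id
    if ($null -eq $state) {
        $setting = 'Not configured'; $source = '(none)'
    } else {
        $setting = $meaning[$state.Value]
        if (-not $setting) { $setting = "Unknown ($($state.Value))" }
        $source = $state.Source
    }
    # Only an explicit Disabled (3) counts as the mitigation being applied.
    New-Object PSObject -Property @{
        Action  = $a.Name
        Setting = $setting
        Blocked = ($setting -eq 'Disabled')
        Source  = $source
    } | Select-Object Action, Setting, Blocked, Source
}
```

A `Blocked` value of `False` for either row means the Internet zone still allows or prompts for that content, so the workaround described above is not fully applied for the current user.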
Microsoft has also released Fix It solutions to protect computer systems from these attacks. The first Fix it solution overrides a website's cascading style sheets (CSS) styling with a custom CSS for formatting documents.
The second Fix it solution applies only to Internet Explorer 7. It enables or disables DEP in the web browser. Both Fix It solutions are available directly from Microsoft. The original security advisory is available here.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.