‫ Microsoft Internet Explorer HTML Rendering Engine Use-After-Free Vulnerability

IRCAD2013092894
ID: IRCAD2013092894
Release Date: 2013-09-18
Criticality level: Extremely critical
Software:
Microsoft Internet Explorer 10.x
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x
Description:
A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error within mshtml.dll when handling certain objects and can be exploited to dereference already freed memory.
Successful exploitation allows execution of arbitrary code.
NOTE: This is currently being actively exploited in targeted attacks.
Solution
The vendor recommends to apply the Microsoft Fix it if available. Please see the vendor's advisory for details.
References:
Microsoft (KB2887505):
Microsoft Fix it workaround:
Microsoft Security Response Center:
Secunia
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 30 شهریور 1392

امتیاز

امتیاز شما
تعداد امتیازها:0