Friday, July 25, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Tablet Market Grows in Second Quarter
The Pirate Bay Goes Mobile
ASUS Announces Strix DSP, Strix Claw, Strix Tactic Pro and Strix Glide Series
China Telecom to Offer The Xbox One System
Thermaltake Debuts the Water 3.0 Ultimate All-In-One Liquid
HP Pavilion 10z Laptop Uses An AMD Mullins Processor
Google Does Not Confirm to $1 Billion Acquisition Of Twitch
Sony Settles 2011 PSN Hacking Case
Active Discussions
help questions structure DVDR
Made video, won't play back easily
Questions durability monitor LCD
Questions fungus CD/DVD Media, Some expert engineer in optical media can help me?
CD, DVD and Blu-ray burning for Android in development
IBM supercharges Power servers with graphics chips
Werner Vogels: four cloud computing trends for 2014
Video editing software.
 Home > News > General Computing > Microso...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, November 24, 2009
Microsoft Confirms Zero-Day Exploit For Internet Explorer


A new exploit targeting Internet Explorer was announced by Microsoft yesterday, and Microsoft has released an advisory with information and workarounds.

According to Microsoft's investigation so far, Internet Explorer 5.01 Service Pack 4 and Internet Explorer 8 on all supported versions of Microsoft Windows are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected.

The vulnerability exists as an invalid pointer reference of Internet Explorer. It is possible under certain conditions for a CSS/Style object to be accessed after the object is deleted. In a specially-crafted attack, Internet Explorer attempting to access a freed object can lead to running attacker-supplied code.

Security firm Symantec has also confirmed that it affects Internet Explorer versions 6 and 7.

"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future. When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors. For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer," Symantec said.

The security firm suggests Internet Explorer users to ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft.

On completion of Microsoft's investigation, the conmpany may include providing a solution through its monthly security update release process, or an out-of-cycle security update.


Previous
Next
Samsung Announces Special Prices For HDTVs        All News        Lite-On Releases New LabelTag Drive
Google Bought Display Ad Startup Teracent     General Computing News      Opera Unite Now Available in Opera 10.10

Get RSS feed Easy Print E-Mail this Message

Related News
Microsoft's Profit Hurt By Nokia Acquisition, Plans Unified OS
Microsoft Is Shutting Down Xbox Entertainment Studios
Microsoft To Eliminate 18,000 Jobs
Microsoft To Take EU 'Right to be forgotten' Requests
Microsoft To Announce Job Cuts
Microsoft To Take On Chromebooks with $200 Windows Notebooks
Microsoft's Nadella To Announce Company Sharkeup
Microsoft Patches IE In Latest Security Updates
Microsoft's Smartwatch Rumored For October Launch
Microsoft May Use The Lumia Brand Instead Of Surface: rumor
Microsoft Suspends Security Notification Service
Microsoft Unveils Azure Machine Learning Service

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .