Wednesday, March 10, 2010
New Vulnerability Targets Internet Explorer 6 and Internet Explorer 7


Microsoft announced today that it was investigating new, public reports of a vulnerability in Internet Explorer 6 and Internet Explorer 7.

According to Microsoft's investigation, Internet Explorer 8 is not affected. The main impact of the vulnerability is remote code execution, Microsoft said.

Microsoft said that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 were not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 were vulnerable.
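As an added example (not from Microsoft's advisory or from this site), the affected-version list above can be turned into a check that finds at-risk browsers in web proxy logs. The tab-separated log format, the client addresses and the function names are constructed for illustration.

```python
import re

# Per the article: IE 6 and IE 7 are affected; IE 8 and IE 5.01 SP4 are not.
AFFECTED_MAJOR = {6, 7}
MSIE_RE = re.compile(r"MSIE (\d+)\.")
TRIDENT_RE = re.compile(r"Trident/(\d+)\.")

def classify_user_agent(ua):
    """Return 'affected', 'not-affected' or 'not-ie' for one User-Agent string.

    The User-Agent header is client-supplied, so treat the result as an
    inventory hint to confirm on the host, not as proof.
    """
    m = MSIE_RE.search(ua)
    # Old Opera releases also sent an "MSIE 6.0" token; they are not IE.
    if m is None or "Opera" in ua:
        return "not-ie"
    # IE 8 adds a Trident/4.0 token and keeps it in Compatibility View,
    # where it reports "MSIE 7.0". Trident >= 4 therefore means IE 8 or later.
    t = TRIDENT_RE.search(ua)
    if t and int(t.group(1)) >= 4:
        return "not-affected"
    return "affected" if int(m.group(1)) in AFFECTED_MAJOR else "not-affected"

def affected_clients(log_lines):
    """Map client address -> sorted list of affected User-Agent strings seen."""
    hits = {}
    for line in log_lines:
        client, _, ua = line.rstrip("\n").partition("\t")
        if classify_user_agent(ua) == "affected":
            hits.setdefault(client, set()).add(ua)
    return {client: sorted(uas) for client, uas in hits.items()}

# Constructed sample log: "<client address>\t<User-Agent>"
SAMPLE_LOG = [
    "10.0.0.11\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
    "10.0.0.12\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
    "10.0.0.13\tMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
    "10.0.0.14\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)",
    "10.0.0.15\tMozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
    "10.0.0.16\tMozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)",
    "10.0.0.17\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50",
]

if __name__ == "__main__":
    for client, uas in sorted(affected_clients(SAMPLE_LOG).items()):
        print(client, uas)
```
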

The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution, Microsoft added.

"At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs," Microsoft said in a security advisory released today.

Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems helps to limit the impact of the vulnerability as an attacker who successfully exploited this vulnerability would have very limited rights on the system. An attacker who successfully exploited this vulnerability on Internet Explorer 6 or Internet Explorer 7 could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights, Microsoft said.

In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone, Microsoft added.

By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML e-mail messages in the Restricted sites zone, removing the risk of an attacker being able to use this vulnerability to execute malicious code. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario. Additionally, Outlook 2007 uses a different component to render HTML e-mail, removing the risk of this exploit.


CDRINFO.COM 1998-2016 - All rights reserved