Microsoft has notified people of a new publicly-disclosed vulnerability in Internet Explorer (IE). This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process.
The Metasploit project recently published an exploit for this vulnerability using a known technique to evade ASLR (Address Space Layout Randomization) and bypass DEP (Data Execution Prevention).
The vulnerability exists due to the creation of uninitialized memory during a CSS function within Internet Explorer. It is possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution.
There is no hotfix available yet but in the meantime, users could install EMET and proceed to protect the iexplore.exe process in order to minimize the risk of exploitation.
This article was posted by VG in following section: Internet Explorer.
If you enjoyed this article, subscribe to our RSS feed or free newsletter to get all new articles directly in your Inbox. Also check out our popular articles and archive to read other interesting articles.
Jorge-6025
That's why IE fails so badly.
SRV
If it didn't come pre-installed in Windows,I doubt it will remain the most used browser in the world.But then again,I need it to download Firefox.
Vincent
By "All IE Versions" does it also mean IE9 Beta?
helmutcheese
@ Jorge-6025
Oh that's correct FF (or any browsers) does not get exploits I forgot (sarcasm) !
As the biggest target to hit with most users IE does get more attempts made towards it.
@ Vincent
I was say yes as it states "ALL" and IE9 is public Beta now.
RMOGSPAM
i think so ... crap and i like ie
wildgoosespeeder
Is it just a coincidence that IE seems to have all these "security flaws"? I never hear about this with the other popular browsers. Are they trying to be exploited on the same level as IE or is all the focus going to IE just because people like to hate Microsoft? :D
Jorge-6025
@helmutcheese
Internet Explorer lags, has less add-ons than Firefox, is bulkier, and has more issues that Firefox does. Only the newbies would use Internet Explorer. Of course... if IE is the only browser you can use at your disposal, then that's a different story (i.e. School computers).
leomate
Even Internet Explorer 9 (leaked version?)
But i use Firefox Beta 4.0 for Daily browsing...
Bangre
Google Chrome is better Internet Explorer in web browser. It will not be a big news if Google Chrome OS is proved be better than Microsoft Windows.
helmutcheese
@ Jorge-6025
That is your opinion not shared by myself.
Making a blanket statement like you did means you fail not the browser !
The topic has to do with an exploit not "Add On" or any other off topic input you can come up with.
Fact is they target the most used browser to affect more users !
I had used FF before most "leet kiddies" knew of it and its not that great even today, just fashionable and people are like sheep !