Redmond (ip-192.com): A new Internet Explorer zero-day exploit has been published on the web. Microsoft says it has already received reports of hackers trying to exploit the vulnerability in targeted attacks. The vulnerability affects IE 6 and IE 7.
"Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable", Microsoft says in a blog post. “The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.”
Microsoft recommends running IE in Protected Mode, which is available only on systems running Windows Vista or a later operating system with at least IE 7. In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user or system files and settings without user consent.
Microsoft is considering an "out-of-band" update to mitigate the exploit before its next Patch Tuesday, the company said on its blog.


