Last Friday, we reported that the website of the U.S. Council of Foreign Relations was allegedly compromised by Chinese hackers who exploited a zero-day bug that was only discovered that same day. The CFR website was compromised with JavaScript that served malicious code to older IE browsers; that code then carried out a heap-spray attack using Adobe Flash Player.
Yesterday, former hacker Bryce Case Jr (YTCracker) tweeted about a new zero-day exploit threatening all users of IE8: "internet explorer 6-8 0day making the rounds force them toolbar installs and keyloggers on exgf while you still can...".
On Saturday, Microsoft published a security advisory warning users of Internet Explorer 6, 7, and 8 that they could be vulnerable to remote code execution attacks. The flaw is a remote code execution vulnerability in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated.
The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Meanwhile, the software giant will be shipping a software fix, available from its Fix It Solution Center, to protect systems before the patch is ready. Microsoft also has posted several mitigation options for users of Internet Explorer 8 or earlier to protect the Windows operating system from the exploit.
The best measure, of course, is to switch to Google Chrome or Mozilla Firefox.
Source: thehackernews.com/2012/12/internet-explorer-6-7-and-8-vulnerable.html
 





