Zero-Day Hole In Internet Explorer 6 and 7

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Microsoft says that they have found a new vulnerability in Internet Explorer 6 and 7 that could allow remote code execution. The company is currently working on a fix but the advisory linked above does list a few workarounds for those affected.

The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.
 

Gorankar

[H]F Junkie
Joined
Jul 19, 2000
Messages
10,794
Well, at least IE8 is not vulnerable to this one.
All the machines in my house that still use IE or go on the web use IE8. Sucks for everyone else though.
 

HalifaxPete

Weaksauce
Joined
Aug 1, 2009
Messages
120
Zero Day Hole come and Zero Day Hole go, Day Hole! :D

I just couldn't resist - I'm sorry ;)
 

jwalk6

[H]ard|Gawd
Joined
Oct 10, 2009
Messages
1,039
Which may explain why I suddenly have a bunch of people with fully patched (until today) XP systemsand updated virus and malware scanners suddenly being infected with the Trojan. Fake.AV malware.
 

Eva_Unit_0

[H]ard|Gawd
Joined
Jun 1, 2005
Messages
1,991
Which may explain why I suddenly have a bunch of people with fully patched (until today) XP systemsand updated virus and malware scanners suddenly being infected with the Trojan. Fake.AV malware.

If they were fully patched wouldn't they have IE8? It's been out for a while now.
 

bh192012

Gawd
Joined
Aug 28, 2009
Messages
583
Microsoft did not find a Zero Day exploit.

Just to clarify, if Microsft finds it, it's not a "Zero Day" hole. In this case, someone else found it and Microsoft figured out that they were using it and has "Zero Days" to come up with a fix. It's like the difference between discovering gold, and "discovering" a gold mine.
 

jwalk6

[H]ard|Gawd
Joined
Oct 10, 2009
Messages
1,039
If they were fully patched wouldn't they have IE8? It's been out for a while now.

I don't consider a browser a "patch". There are still applications out there that don't run on anything newer than IE6. Maybe not in consumerland but definitely in business land.
 
Top