Zero-Day Hole In Internet Explorer 6 and 7

[HardOCP News]

Microsoft says that they have found a new vulnerability in Internet Explorer 6 and 7 that could allow remote code execution. The company is currently working on a fix but the advisory linked above does list a few workarounds for those affected.

The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

 

[Gorankar]

Well, at least IE8 is not vulnerable to this one.
All the machines in my house that still use IE or go on the web use IE8. Sucks for everyone else though.

 

[AVT]

Lovely.

 

[HalifaxPete]

Zero Day Hole come and Zero Day Hole go, Day Hole!

I just couldn't resist - I'm sorry

 

[jwalk6]

Which may explain why I suddenly have a bunch of people with fully patched (until today) XP systemsand updated virus and malware scanners suddenly being infected with the Trojan. Fake.AV malware.

 

[Eva_Unit_0]

Which may explain why I suddenly have a bunch of people with fully patched (until today) XP systemsand updated virus and malware scanners suddenly being infected with the Trojan. Fake.AV malware.

If they were fully patched wouldn't they have IE8? It's been out for a while now.

 

[bh192012]

Microsoft did not find a Zero Day exploit.

Just to clarify, if Microsft finds it, it's not a "Zero Day" hole. In this case, someone else found it and Microsoft figured out that they were using it and has "Zero Days" to come up with a fix. It's like the difference between discovering gold, and "discovering" a gold mine.

 

[Lord_Anselhelm]

Here's a good workaround for everyone:

STOP USING IE6 AND IE7!!!

 

[Azhar]

Here's a good workaround for everyone:

STOP USING IE6 AND WINDOWS XP!!!

Fixed.

(business users are exempted - sometimes)

 

[jwalk6]

If they were fully patched wouldn't they have IE8? It's been out for a while now.

I don't consider a browser a "patch". There are still applications out there that don't run on anything newer than IE6. Maybe not in consumerland but definitely in business land.