IE8 safe from critical 'zero-day vulnerability' affecting IE6 and IE7, warns Microsoft

Microsoft warns of a new “0-day vulnerability” affecting Internet Explorer 6 /7, but IE8 users are protected by default against exploits. In fact, the company has not only confirmed the new IE vulnerability, but also attacks in the wild targeting the 0-day flaw. In the eventuality of a successful exploit, an attacker could execute arbitrary […]

Microsoft warns of a new “0-day vulnerability” affecting Internet Explorer 6 /7, but IE8 users are protected by default against exploits. In fact, the company has not only confirmed the new IE vulnerability, but also attacks in the wild targeting the 0-day flaw. In the eventuality of a successful exploit, an attacker could execute arbitrary code on an affected system, effectively taking over the machine. “The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution,” the company explained in Security Advisory (981374).