diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Remote Code Execution Vulnerability Effecting All Version of Internet Explorer, Microsoft (Security Advisory 2488013)

Microsoft today released Security Advisory 2488013 to notify customers of a new publicly-disclosed vulnerability in IE. This vulnerability affects all versions of IE. Exploiting this vulnerability could lead to unauthorized remote code execution inside the iexplore.exe process.

The flaw affects all supported versions of IE and occurs because of “the creation of uninitialized memory during a CSS function within Internet Explorer.” It’s possible under certain conditions for the memory to be leveraged by an attacker using a specially crafted Web page to gain remote code execution.

Vista and Windows 7 users are at less risk than those on XP because of their OS’s Protected Mode, which would limit the attacker’s access rights. Microsoft suggests using EMET (Enhanced Mitigation Experience Toolkit) to protect all IE processes — but it’s a tool designed for admins, not the average home user.

“On completion of this investigation, Microsoft’ll take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. Currently, Microsoft is unaware of any active exploitation of this vulnerability,” stated Microsoft.

Reference: Security Advisory 2488013


Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...