0-day vulnerability in Internet Explorer 6, 7 and 8
Microsoft just published an advisory about a critical security vulnerability in all versions of Internet Explorer (apart from 5 – but no one has that around anymore, right?).
While all versions of Internet Explorer are affected, the risk for everyone running Internet Explorer 8 is lower since it has DEP (Data Execution Prevention) enabled by default. DEP makes exploitation of this vulnerability more difficult so as a temporary workaround you might want to enable it for older IEs (keep in mind that it might break some add-ons).
Microsoft says that so far they only saw exploits against Internet Explorer 6. In a related post (here) McAfee said that this vulnerability was (one of those) used to compromise Google. So, it appears that it was maybe even a cocktail of 0-day exploits used (IE + Adobe).
--
Bojan
INFIGO IS
Web App Penetration Testing and Ethical Hacking | Munich | Oct 14th - Oct 19th 2024 |
Comments
Don
Jan 15th 2010
1 decade ago
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/
Prefect
Jan 16th 2010
1 decade ago
Interestingly enough, both France and Germany have recommended their citizens switch from IE to an alternative browser; it looks like tech guys aren't the only ones expecting a massive fallout over this.
computerfreaker
Jan 18th 2010
1 decade ago