Internet Explorer Data Binding Memory Corruption Vulnerability


Well, another zero day exploit for M$ products – this time a very nasty Internet Explorer vulnerability.

The vulnerability allows a website to exploit execution of arbitrary code.  Here is the advisory from Secunia:

“The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.”

So, IE versions 5.x, 6.x, and 7.x affected.  No patch.  I would stop using IE personally – at least until this gets cleared up.

Related Posts:

  • No Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>