Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Microsoft Internet Explorer use-after-free Vulnerability

 

Systems Affected


Windows Server 2003 SP2
Windows Server 2003 x64 Edition SP2
Windows Vista SP2 and prior
Windows Vista x64 Edition SP2 and prior
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2008 for 32-bit Systems SP2 and prior
Windows Server 2008 for x64-based Systems SP2 and prior
Windows 7 for 32-bit Systems SP1 and prior
Windows 7 for x64-based Systems SP1 and prior
Windows Server 2008 for Itanium-based Systems SP1 and prior
Windows Server 2008 for Itanium-based Systems SP2
Windows Server 2008 R2 for x64-based Systems SP1 and prior
Windows Server 2008 R2 for Itanium-based Systems SP1 and prior
Windows 8 for 32-bit and 64bit Systems
Windows 8.1 for 32-bit and 64-bit Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1

Component Affected
Internet Explorer 6,7,8,9,10,11

Threat Level


High


Overview


A use-after-free vulnerability has been reported in the Microsoft Internet Explorer, which could allow a remote attacker to execute arbitrary code on a targeted system in the context of current user within Internet Explorer.


Description


This vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. A remote attacker could exploit this vulnerability by hosting a specially crafted website and then convincing users to view the website. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system. Note: Proof of Concept (POC) for this exploit is publicly available.


Impact



Solution/ Workarounds


  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.


References


http://www.kb.cert.org/vuls/id/222929


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.