CERT mailing list archives
Current Activity - Microsoft Internet Explorer 8 use-after-free Vulnerability
From: Current Activity <us-cert () us-cert gov>
Date: Fri, 7 Jan 2011 08:38:08 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Microsoft Internet Explorer 8 use-after-free Vulnerability Original release date: January 7, 2011 at 8:27 am Last revised: January 7, 2011 at 8:27 am US-CERT is aware of a vulnerability affecting Microsoft Internet Explorer 8. This vulnerability is due to improper handling of circular memory references. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the user or cause a denial-of-service condition. At this time, the vendor has not released a fix or a workaround to address this vulnerability. Users and administrators are encouraged to consider implementing the mitigations provided in Microsoft's Enhanced Mitigation Experience Toolkit (EMET). These mitigations will not rectify the vulnerability but will make exploitation of the vulnerability more difficult. Additional information can be found in US-CERT Vulnerability Note VU#427980. US-CERT will provide updates as further details become available. Relevant Url(s): <http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx> <http://www.kb.cert.org/vuls/id/427980> ==== This entry is available at http://www.us-cert.gov/current/index.html#microsoft_internet_explorer_8_use -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTScXNT6pPKYJORa3AQKedwgAuw7bfh3fEksuut5Te4tktGSjTXI0DnBX Knbr8cH939PSzxSeq0JVayfq6jrFOlEnHnDMOKDcmV9Ktq6qr11kuFp0qBG3rWUg nzaibZnCOmg429MjhqC9i/I6Dp6e+poahg7o6qcTYpa03MdSIrk/Q626QYs8gkr7 P+X/rvp4HyTfSd/4fz5Xws1jMhpvY9nrJ26f7/+AB/BJE+rULhIv0K8YFoPCt081 MO71mkuH5YxILTgKc0KccJ5PmgWA0Yktn5qvTA7kjI2kRF+RdTNPUn9qnwrOzo4Y BKQ+PMBIlUrMtzJcKyxwZiuMtPphM96WE6YfXk33440YfP67MC+4kg== =uJkf -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Microsoft Internet Explorer 8 use-after-free Vulnerability Current Activity (Jan 07)