CERT mailing list archives

Current Activity - Microsoft Internet Explorer 8 use-after-free Vulnerability


From: Current Activity <us-cert () us-cert gov>
Date: Fri, 7 Jan 2011 08:38:08 -0500

US-CERT Current Activity

Microsoft Internet Explorer 8 use-after-free Vulnerability

Original release date: January 7, 2011 at 8:27 am
Last revised: January 7, 2011 at 8:27 am


US-CERT is aware of a vulnerability affecting Microsoft Internet
Explorer 8. This vulnerability is due to improper handling of circular
memory references. Exploitation of this vulnerability may allow an
attacker to execute arbitrary code in the context of the user or cause
a denial-of-service condition.

At this time, the vendor has not released a fix or a workaround to
address this vulnerability. Users and administrators are encouraged to
consider implementing the mitigations provided in Microsoft's Enhanced
Mitigation Experience Toolkit (EMET). These mitigations will not
rectify the vulnerability but will make exploitation of the
vulnerability more difficult.

Additional information can be found in US-CERT Vulnerability Note
VU#427980. US-CERT will provide updates as further details become
available.

Relevant Url(s):
<http://blogs.technet.com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkit-emet-v2-0-0.aspx>

<http://www.kb.cert.org/vuls/id/427980>

====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_internet_explorer_8_use
