RadioPatrol
Guest
Glad I use Firefox ...
Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: December 10, 2008 | Updated: December 11, 2008
Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.
This update to the advisory contains information about which versions of Internet Explorer are vulnerable as well as new workarounds and a recommendation on the most effective workarounds.
The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability.
This advisory discusses the following software.
Related Software
Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista
Windows Vista Service Pack 1
Windows Vista x64 Edition
Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
Microsoft Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 for Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, Windows XP Professional x64 Edition, and Windows XP Professional x64 Edition Service Pack 2
Microsoft Internet Explorer 6 for Windows Server 2003 Service Pack 1 and Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Internet Explorer 7 in Windows Vista and Windows Vista Service Pack 1, and Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
Windows Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
Windows Internet Explorer 7 in Windows Server 2008 for x64-based Systems
Windows Internet Explorer 8 Beta 2 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Internet Explorer 8 Beta 2 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2, Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Internet Explorer 8 Beta 2 in Windows Vista and Windows Vista Service Pack 1, and Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Internet Explorer 8 Beta 2 in Windows Server 2008 for 32-bit Systems
Windows Internet Explorer 8 Beta 2 in Windows Server 2008 for Itanium-based Systems
Windows Internet Explorer 8 Beta 2 in Windows Server 2008 for x64-based Systems
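The advisory's description of the flaw (an object released without the array length being updated) can be modelled in a few lines of C. This is an added illustration, not part of the post or the advisory and not Internet Explorer code; every name in it is hypothetical, and the `live` flag exists only so the stale state can be observed without touching freed memory.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of the bug class: a container element is released
 * while the array length still counts it. Hypothetical names throughout. */
typedef struct { char *data; int live; } slot_t;
typedef struct { slot_t slots[8]; size_t length; } binding_array_t;

static int ba_add(binding_array_t *a, const char *value) {
    if (a->length >= 8) return -1;
    size_t n = strlen(value) + 1;
    char *copy = malloc(n);
    if (!copy) return -1;
    memcpy(copy, value, n);
    a->slots[a->length].data = copy;
    a->slots[a->length].live = 1;
    return (int)a->length++;
}

/* Flawed release: frees the object but leaves length and the slot in
 * place, so index i still looks valid to callers that trust length. */
static void ba_release_flawed(binding_array_t *a, size_t i) {
    free(a->slots[i].data);
    a->slots[i].live = 0;   /* model bookkeeping only */
}

/* Corrected release: free, close the gap, shrink length, clear the tail. */
static void ba_release_fixed(binding_array_t *a, size_t i) {
    if (i >= a->length) return;
    if (a->slots[i].live) free(a->slots[i].data);
    memmove(&a->slots[i], &a->slots[i + 1],
            (a->length - i - 1) * sizeof(slot_t));
    a->length--;
    a->slots[a->length].data = NULL;
    a->slots[a->length].live = 0;
}

/* Count indexes below length that refer to already-released objects. */
static size_t ba_stale_slots(const binding_array_t *a) {
    size_t stale = 0;
    for (size_t i = 0; i < a->length; i++)
        if (!a->slots[i].live) stale++;
    return stale;
}

/* Defensive accessor: bounds and liveness checks before returning a pointer. */
static const char *ba_get(const binding_array_t *a, size_t i) {
    if (i >= a->length || !a->slots[i].live) return NULL;
    return a->slots[i].data;
}
```

After `ba_release_flawed`, `length` is unchanged and `ba_stale_slots` is non-zero, which is the inconsistent state the advisory describes; `ba_release_fixed` restores the invariant that every index below `length` refers to a live object.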