Yet another flaw hits IE browser
By Nicole Kobie,
Microsoft has admitted another vulnerability in older versions of its Internet Explorer browser, with attacks already taking advantage of the problem.
The flaw only affects IE6 and IE7, not IE8. Naturally, Microsoft has again advised users to upgrade to IE8.
The Microsoft bulletin said the flaw is linked to an invalid pointer reference. "It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."
Microsoft said hackers are already making use of the flaw. "At this time, we are aware of targeted attacks seeking to exploit this vulnerability against Internet Explorer 6," communications head Jerry Bryant said on the Microsoft security blog.
The firm noted that the Internet Explorer Protected Mode in IE7 running on Vista helps to "mitigate" the problem, while instances of the browser running on Server 2003 and 2008 should also be safe because of default security settings.
Microsoft said it is still investigating the flaw, and will offer an update either through the monthly patching cycle - not due again until April - or an out-of-band patch.
Read on for more about the problems facing Internet Explorer.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Who to trust after the VeriSign hack?
Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
- Are the cookie laws crumbling already?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Will someone rid me of these troublesome Macs?
- Symantec hackers: We've released pcAnywhere source code
- BT considering Ofcom price cap appeal
- Google sends in Bouncer to sort out malicious apps
- ACTA: the basics, the controversies, and the future
- Trendnet firmware flaw exposes private videos
- Anonymous publishes FBI hacking call
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- VeriSign admits 2010 hack
- Nokia Lumia 710 review
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
