Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote malicious users to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet_explorer 6 |
||
microsoft internet_explorer 7 |
||
microsoft internet_explorer 8 |
||
microsoft internet_explorer 9 |
During Q3 2012, over 9,000 new malicious .dex files were added to our malware collection. This is 5,000 files fewer than last quarter but 3,500 more than in Q1 2012. This is due to the fact that in Q2 files that had been detected heuristically for some time were added to our malware collection. (Note that one heuristic is used to detect a large number of different programs.) In Q3, the situation was standard and the number of new files added to our collection was in line with the trend we have s...