Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote malicious users to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Vulnerable Product |
---|
microsoft internet_explorer 6 |
microsoft internet_explorer 7 |
microsoft internet_explorer 8 |

'Black Vine' gang, late of China, fingered as source of heist that lifted 70 million records
The case for a Beijing-orchestrated hack of health insurer Anthem has firmed up with new details suggesting that the sophisticated hacking group responsible for the heist shared zero days with rival outfits. Symantec has overnight dubbed the perps "Black Vine", suggesting the group was responsible for goring more than 70 million personal records from the US company in February. The security firm paints the group as ultra-sophisticated and unusually keen to share its precious trove of zero day vu...
Took them under 24 hours
A security researcher has developed a method to circumvent Microsoft's temporary fix for a zero-day Internet Explorer browser vulnerability. Redmond released a temporary Fix It to defend against the flaw last week, pending the development of a more complete patch which it later emerged would not arrive with updates due to be delivered on Patch Tuesday tomorrow. However, Peter Vreugdenhil, of the vulnerability analysis firm Exodus Intelligence, was able to sidestep that protection with a variatio...
Patch Tuesday can't come soon enough
Microsoft has pushed out a temporary fix to defend against a zero-day vulnerability that surfaced in attacks launched last week. The security flaw (CVE-2012-4792) - which affects IE 6, 7 and 8 but not the latest versions of Microsoft's web browser software - allows malware to be dropped onto Windows PCs running the vulnerable software, providing, of course, that users can be tricked into visiting booby-trapped websites. Redmond has released a temporary Fix It (easy-to-apply workaround) pending t...