Security Alerts




“Use After Free” Flaws: A New Theme for IE Vulnerability

Severity: High

Summary:

These vulnerabilities affect: Most current versions of Internet Explorer (IE)
How an attacker exploits them: By enticing one of your users to visit a malicious web page
Impact: An attacker can execute code on your user’s computer, often gaining complete control of it
What to do: Install Microsoft’s IE updates immediately, or let Windows Automatic Update do it for you

Exposure:

As part of today’s Patch Day, Microsoft released a security bulletin describing two new security vulnerabilities affecting Internet Explorer (IE). Similar to the flaws in last month’s update, both of these vulnerabilities are what developers call “use after free” vulnerabilities – a type of memory corruption flaw that attackers can leverage to execute arbitrary code. This class of vulnerability seems to be a theme for IE lately, since Microsoft has been fixing IE use after free flaws quite a bit over the last few months. In any case, if an attacker can lure one of your users to a web page containing maliciously crafted HTML, she could exploit either of these vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges
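To make the "use after free" bug class concrete from the defender's side, the added example below (not code from the bulletin or from Internet Explorer) shows one common hardening pattern: callers hold a generation-checked handle instead of a raw pointer, so a reference that outlives its object resolves to NULL rather than to freed and possibly reused memory. The Element, Slot and Handle types and the elem_* functions are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* Constructed stand-in for a DOM-like object; not IE's real layout. */
typedef struct { int tag; } Element;

#define SLOTS 4
typedef struct { Element *obj; uint32_t gen; } Slot;
typedef struct { uint32_t idx, gen; } Handle;   /* what callers keep instead of a raw pointer */

static Slot table[SLOTS];

/* Allocate an element and return a handle that records the slot's generation. */
Handle elem_create(int tag) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].obj == NULL) {
            table[i].obj = malloc(sizeof(Element));
            if (!table[i].obj) break;
            table[i].obj->tag = tag;
            return (Handle){ i, table[i].gen };
        }
    }
    return (Handle){ SLOTS, 0 };                 /* invalid handle */
}

/* Resolve a handle; a stale or invalid handle yields NULL, never freed memory. */
Element *elem_get(Handle h) {
    if (h.idx >= SLOTS || table[h.idx].gen != h.gen) return NULL;
    return table[h.idx].obj;
}

/* Free the element and bump the generation so every outstanding handle goes stale. */
void elem_destroy(Handle h) {
    if (elem_get(h) == NULL) return;             /* also blocks a double free */
    free(table[h.idx].obj);
    table[h.idx].obj = NULL;
    table[h.idx].gen++;
}

int main(void) {
    Handle a = elem_create(1);
    elem_destroy(a);                  /* object freed while 'a' is still held */
    Handle b = elem_create(2);        /* slot is reused, as an allocator reuses a freed chunk */
    printf("stale: %p, live tag: %d\n", (void *)elem_get(a), elem_get(b)->tag);
    return 0;
}
```

With a raw Element pointer in place of the handle, the read through 'a' after the slot is reused would touch memory now owned by a different object, which is the condition this class of flaw turns into memory corruption.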

April 9, 2013 — Category: Security Alerts