Site Archives 0-day
Internet Explorer Information Disclosure Vulnerability
GSA Reference Number: AD100203-01
Simply Put: A new Internet Explorer (IE) information disclosure vulnerability has been announced by Microsoft. This vulnerability could allow an attacker to access files in known locations on the victim’s system. For now, no widespread worms or exploit packs are currently using this vulnerability, and Microsoft has stated that they do not know of any attacks currently taking advantage of this vulnerability. This vulnerability does not affect Internet Explorer running in Protected Mode, which is the default setting on Windows Vista, Windows Server 2008, or Windows 7. This mode is not available in Windows XP. A patch has not yet been released by Microsoft. 
Internet Explorer Remote Code Execution Exploit Released
GSA Reference Number: AD100119-01
Simply Put: A new Internet Explorer remote code execution exploit has been released. There is evidence that this exploit is being used in limited, targeted attacks on the Internet. For now, no widespread worms or exploit packs are currently using this vulnerability. Microsoft has not released a patch, but is currently researching the issue and hopefully will release one soon. Reports have been published linking this exploit to the Google hacking incident. According to this Microsoft article, an out-of-band patch will be released for this vulnerability.
Out-of-Band Patch Coming for IE Vulnerability
GSA Reference Number: AD081216-01
Simply Put: Microsoft will be releasing an out-of-band patch today, December 17, to address the critical Internet Explorer vulnerability currently being exploited by malicious websites. The patch affects Internet Explorer 6 and 7 and is rated critical by Microsoft. Since this exploit allows remote code execution, Gladiator recommends applying the patch as soon as possible.
More IE Flaw Details
There has been more information released about the Internet Explorer (IE) 0-day vulnerability. Microsoft has stated now that the vulnerability affects more versions of IE than previously thought. Vulnerable versions include IE 7, IE 8 (beta), IE 6 (non-SP2) and IE 5. Gladiator recommends that users switch to a different browser for the time being. Using Internet Explorer for banking applications that are not compatible with other browsers is fine, but do not use IE to browse the Internet.
IE 0-day Exploit
Internet Explorer 7 has a new 0-day exploit, meaning that it is currently being exploited through malicious websites and there is no patch available. If a user visits a malicious site, there is a possibility that an attacker could run arbitrary code on the system. The exploit appears to use a vulnerability in Internet Explorer’s handling of XML code. This issue has been confirmed for users with IE 7 running Windows XP or Windows 2003. Further details are not available at this time. Gladiator recommends that users run the Firefox browser, if possible, for general web browsing until a patch is released.
Find It Quickly
Find what you're looking for quickly by using our keyword search. Can't find it? Try our links below.
Monthly Archives
Find posts by the month they were written.
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- July 2008
- May 2008
- April 2008
- March 2008
- January 2008
- December 2007
- November 2007