Critical Bug Found In All Versions Of Internet Explorer
A critical bug found in all version of Microsoft's Internet Explorer, may leave a users computer open to hackers....
Microsoft have confirmed that an un-patched bug hackers have been exploiting in IE7, also exists in older versions of the browser.
The bug is contained in all versions from IE5.01, to IE7 — as well as IE8 Beta 2. Any users of IE on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk
Internet Explorer Bug
The company had already issued countermeasures to combat the problem. However Danish security company, Secunia APS, say the original advice was insufficient and recommended users to take the new steps to fix the bug.
Microsoft had believed the bug only existed in IE7, they also hinted that by setting IE’s Internet security zone to “High” and disabling scripting, users would be safe.
In response to this advice, Carsten Eiram, chief security specialist at Secunia explained:
“Technically no … it is still possible to trigger the vulnerability…
“However, it does make exploitation trickier as it protects against attacks using scripting.”
Eiram also advised users to disable the “oledb32.dll” file in the computers registry. Taking these preventative measures should help users stay safe until a fix is released.
Despite the wide range of users who maybe affected by this problem, Microsoft have downplayed the severity of the threat. Microsoft advisory said:
“At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7,”
Microsoft claim the bug is in IE’s data binding functionality and, contrary to earlier reports, not in the HTML rendering code:
“The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer…
“When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.”
Microsoft have addressed the problem but have yet to disclosed a timetable for the fix.
- Unavailable, please contact us for more information.