New IE 8 Zero Day Discovered
Trailrunner7 (1100399) writes "Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but the company has yet to produce a patch, so HP's Zero Day Initiative, which is handling the bug, published its advisory Wednesday. The ZDI has a policy of disclosing vulnerability details after 180 days if the vendor hasn't produced a patch. The use-after-free flaw lies in the way that IE handles CMarkup objects, and ZDI's advisory says that an attacker can take advantage of it to run arbitrary code."
Because it's from Ms.
And what a great way to force users to upgrade
http://saveie6.com/
Oh by all means let's get the government bureaucrats involved in policing software security. What could possibly go wrong? Stop looking to the government to protect you and start taking some responsibility for your own actions. You want guaranteed online security? Then just unplug your network cable, because that is the only thing that will make you 100% secure from online attacks. There is not a browser on the market that doesn't have exploitable flaws if you're really smart, motivated, and look hard enough. But alas, even unplugging can be circumvented by simply inserting a USB drive of questionable origin into your system. Stuxnet infected the Iranian system using an infected USB drive in combination with the good ole sneakernet. If unplugging is not practical for you, then you can start paying attention and stop clicking on links in the unsolicited e-mails you receive. Make sure your computer has a properly configured firewall. Use script-inhibiting add-ons for your browser. Make sure your user accounts are properly privileged instead of running everything as an administrator. Set up a proxy if you want to make it harder for someone looking to infringe your anonymity. Even these precautions can be circumvented by falling for online social engineering attacks, which by the way is the primary vector used today for bootstrapping malware.
XP was supported for 13 years. A pretty generous term by any measure. At some point a line has to be drawn and further issues should be ignored.