In association with heise online

24 November 2009, 11:11

Microsoft confirms critical vulnerability in Internet Explorer

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft has confirmed the existence of the critical security vulnerability that was reported over the weekend and released information on which systems are affected. According to the report, Internet Explorer 6 SP1 under Windows 2000 Service Pack 4 and Internet Explorer 6 and 7 under Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008 are all vulnerable. The bug is not, however, present in Internet Explorer 5.01 SP4 or Internet Explorer 8.

The problem is caused by an invalid pointer reference in the Microsoft HTML Viewer (mshtml.dll) when processing specific CSS/STYLE objects using the getElementsByTagName() JavaScript method. If this pointer points to an object which has been deleted, this can be exploited to crash the browser or run injected code. The exploit currently doing the rounds is not particularly stable and often just causes the browser to crash. There do not appear to be any known websites actively exploiting the vulnerability to infect visitors' PCs with malicious code at present, but this can quickly change.

Microsoft is working on a security update and is in the meantime advising users to set the security level for the 'Internet' and 'Local intranet' zones to high. Alternatively, they recommend deactivating Active Scripting completely, however this does prevent many websites from working properly. According to the report, data execution prevention (DEP) should also frustrate attacks. With Internet Explorer 7 under Vista, protected mode, which is activated by default, should at least reduce the effects of an attack.

According to the report, Microsoft Outlook, Microsoft Outlook Express and Windows Mail are also in theory affected, but Active Scripting should be prevented by the fact that the default setting is to open HTML email with the privileges of restricted sites.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-867342
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit