Yet Another Major Internet Explorer Flaw allows Remote Code Execution
Microsoft announced last December 15 of yet another major flaw in version 7 of its Internet Explorer browser which allows remote code execution on the target computer (as if the others do not already).
Dubbed as Microsoft Security Advisory (961051), the advisory went on to discuss the issue as follows:
The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
It appears also that its not only IE7 that’s affected. It affects versions up to IE8 also. Even the BBC has snatched this issue as well.
What was weird for me was that the Full Disclosure community did not make any reaction to this disclosure by Microsoft. Or it might be too early as the secinfo experts and enthusiasts are scrambling to verify this if at all.
My take on this is - what’s new? Honestly, I’m not surprised at all.
Technorati 
browser, internet, explorer, IE, major, flaw, microsoft, security
Site Search Tags: browser, internet, explorer, IE, major, flaw, microsoft, security