terça-feira, 24 de novembro de 2009

IE6 and IE7 vulnerable to latest flaw; IE8 immune

URL: http://feeds.arstechnica.com/~r/arstechnica/index/~3/tFARTMEec7s/ie6-and-ie7-vulnerable-to-latest-flaw-ie8-immune.ars


Microsoft has issued Security Advisory 977981 in regard to public reports of a vulnerability that exists as an invalid pointer reference of Internet Explorer. Under certain conditions, it is possible for a CSS/Style object to be accessed after the object is deleted, and thus, if Internet Explorer attempts to access the supposedly freed object, it can end up running attacker-supplied code. IE6 SP1 on Windows 2000 SP4, as well as IE6 and IE7 on supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 are affected. Microsoft notes that IE 5.01 SP4 and IE8 on all supported versions of Windows are not affected, but of course IE6 and IE7 still account for over 40 percent of the browser market.

Read the rest of this article...


Nenhum comentário: