Microsoft Internet Explorer "CDwnBindInfo" Use-After-Free Vulnerability
Secunia Advisory SA51695
Release Date:2012-12-30
Criticality level : Extremely critical
Impact: System access
Where :From remote
Software:
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error when handling the "CDwnBindInfo" object and can be exploited to dereference an already freed object.
Successful exploitation allows execution of arbitrary code.
NOTE: This is currently being actively exploited in targeted attacks.
Solution
No official solution is currently available.
Bollettino Sicurezza
Secunia Advisory SA51695
Release Date:2012-12-30
Criticality level : Extremely critical
Impact: System access
Where :From remote
Software:
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
A vulnerability has been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error when handling the "CDwnBindInfo" object and can be exploited to dereference an already freed object.
Successful exploitation allows execution of arbitrary code.
NOTE: This is currently being actively exploited in targeted attacks.
Solution
No official solution is currently available.
Bollettino Sicurezza