Microsoft Internet Explorer versions 6, 7, 8, and 9 are susceptible to a use-after-free vulnerability (CWE-416) that may result in remote code execution.
Microsoft Internet Explorer 6/7/8/9 contains a use-after-free vulnerability in the CMshtmlEd::Exec() function. An attacker may leverage this vulnerability to execute arbitrary code. This vulnerability is being actively exploited in the wild and a Metasploit module is publicly available.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code.
Apply an Update
Run Windows Update to apply the patch for this vulnerability. MS12-063 contains patches for this and other vulnerabilities as well.
Apply a Microsoft Fix It utility
Use a different web browser
Until Microsoft has released a patch for this vulnerability, consider using a different web browser for viewing untrusted web sites.
This vulnerability was discovered in the wild.
This document was written by Jared Allar.
|Date First Published:||2012-09-17|
|Date Last Updated:||2012-09-21 17:16 UTC|