Microsoft Internet Explorer contains a use-after-free vulnerability in the iepeers.dll file, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Microsoft Internet Explorer provides support for Web Folders and printing through the use of the iepeers.dll component. According to Microsoft Security Advisory (981374), the iepeers.dll contains a vulnerability in the use of a pointer after an object is freed. Microsoft reports that the vulnerability, which affects Internet Explorer 6 and 7, has been reported publicly.
Exploit code for this vulnerability is publicly available. This vulnerability is currently being exploited in the wild.
By convincing a user to load a specially crafted HTML document or Microsoft Office document, a remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.
Apply an update
Thanks to Microsoft for reporting this vulnerability.
This document was written by Will Dormann.
|Date First Published:||2010-03-09|
|Date Last Updated:||2010-03-30 21:56 UTC|