internet explorer under attack
I always like a good Microsoft bag out so here’s another.
Hackers are now exploiting versions of IE.6, 7 and the latest beta, 8. Microsoft has said, any user running browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said.
Microsoft also spelled out the root of the problem, saying that the bug is in IE’s data binding functionality and, contrary to earlier reports by independent security researchers, not in the HTML rendering code. "The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer," said Microsoft. "When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable."
Microsoft also hinted that the "oledb32.dll" file contains the bug when it added a recommendation that users disable or cripple the .dll’s function as a stopgap measure. Oledb32.dll is a component of Microsoft Data Access, a collection of technologies for accessing different types of data in a uniform fashion. "OLEDB" stands for "Object Linking and Embedding, Database."
more info can be found here:
Well, I suppose thats another postive for Vista, as this bug doesnt affect Vista users, Yay. Other than that, i urge all ie users to upgrade to a browser called firefox that can be found here: http://www.mozilla.com/firefox/
Leave a comment
hey dude. how about you recommend users to use a better browser than firefox, like opera? hehe which has totally pwnd FF for ever!! its not in version 9.63 for stable, or 10 Alpha 1 for unstable… pwnd
betafan
December 16, 2008
haha. never shall i convert people to opera. I’d only tell people to use opera mini for their phone.. :P
VK
December 17, 2008