Internet Explorer XML Vulnerability

SHARE this post!

There was a report yesterday that there was a vulnerability affecting Internet Explorer 7 but today I see that the vulnerability affects both IE 6 and IE 5 as well.

Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer. Our investigation so far has shown that these attacks are only against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008. Microsoft Internet Explorer 5.01 Service Pack 4, Microsoft Internet Explorer 6 Service Pack 1, Microsoft Internet Explorer 6, and Windows Internet Explorer 8 Beta 2 on all supported versions of Microsoft Windows are potentially vulnerable.

This update to the advisory contains information about which versions of Internet Explorer are vulnerable as well as new workarounds and a recommendation on the most effective workarounds.

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7. Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability.

At this point the fix seems to be a little vague. Microsoft is advising people to set Internet Explorer security settings to high (Just go to the tools–> Internet Options–>security).

2 thoughts on “Internet Explorer XML Vulnerability

  1. Have you ever considered about adding a little bit more than just your articles?
    I mean, what you say is important and everything.
    Nevertheless think of if you added some great photos or videos to give your posts more, “pop”!
    Your content is excellent but with pics and videos,
    this blog could certainly be one of the very best in its niche.
    Good blog!

  2. A motivating discussion is definitely worth comment.
    I do think that you should publish more about this topic, it
    may not be a taboo subject but typically people don’t talk about such subjects.
    To the next! Best wishes!!

Leave a Reply

Your email address will not be published.