Yet another Internet Explorer exploit.…
Microsoft Security Advisory (961051)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
And yet another stupid avoidable reason for having it:
The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.
The end result is that if you visit a website that does this exploit, your machine will be co-opted, likely virused and enslaved as a bot in the hackers computing pool.
If you use Internet Explorer, please stop. Use Chrome, Firefox or Opera.
Microsoft places features over security. They always have, looks like they always will.
December 19th, 2008 at 11:18 am
[...] fixed that last bug… but others remain: The flaw allows online criminals take over a computer merely by tricking [...]