
Microsoft Internet Explorer Use-After-Free Vulnerability

Last Update Date: 21 Feb 2014 Release Date: 17 Feb 2014

RISK: Extremely High Risk

TYPE: Clients - Browsers

A vulnerability has been identified in Microsoft Internet Explorer, which can be exploited by attackers to cause arbitrary code to be executed on the target user's system.

A remote user can create HTML with a specially crafted Adobe Flash object that, when loaded by the target user, will trigger a use-after-free memory error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

The exploit currently only targets Internet Explorer 9 and 10 on systems that have Adobe Flash installed and do not have EMET installed. Windows 8 comes with Flash, so no additional software is required to be vulnerable to this exploit on that platform.

Note: No patch is available for this vulnerability.


Impact

  • Remote Code Execution

System / Technologies affected

  • Internet Explorer 9
  • Internet Explorer 10

Solutions

  • No patch is available for this vulnerability.
  • (Update 21/2/2014) Apply the Microsoft Fix it solution, "MSHTML Shim Workaround".


Note: Possible mitigation actions include using an alternative browser, installing Microsoft's Enhanced Mitigation Experience Toolkit (EMET), or upgrading to a newer version of the browser.

