Severe vulnerability in Internet Explorer 8

A vulnerability related to memory processing has been discovered in Microsoft Internet Explorer 8. The vulnerability enables that the attacker can execute codes with the user's rights if the user is lured to a website providing content in a certain way.

  • Servers and server applications
  • Workstations and end-user applications
  • Network devices
  • Mobile communications systems
  • Embedded systems
  • Others

Target

  • Workstations and end-user applications
Further information +

Attack vector

  • Remote
Further information on the access vector +

Impact

  • Execution of arbitrary commands
  • Security bypass
Further information on the impact +

Remediation

  • Restriction of the problem
Further information on the remediation +

Vulnerable software:

  • Microsoft Internet Explorer 8

Possible solutions and restrictive measures:

Upgrade your browser to Internet Explorer 11. The browser cannot be upgraded on a Windows XP platform. Windows XP should be changed to an operating system for which information security updates are available.

The exploitation is possible to prevent by taking Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) into use in compliance with Microsoft's instructions. EMET version 4.1 protects vulnerable software automatically.

Further information:

http://www.kb.cert.org/vuls/id/239151

http://zerodayinitiative.com/advisories/ZDI-14-140/

CVE-2014-1770

Update history


Key words: Information security, Vulnerabilities


LinkedIn Print