Microsoft |
VUPEN.com states that a “vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a use-after-free error within the "mshtml.dll" library when processing a web page referencing a CSS (Cascading Style Sheets) file that includes various "@import" rules, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
VUPEN has confirmed this vulnerability with Microsoft Internet Explorer 8 on Windows 7, Windows Vista SP2 and Windows XP SP3 and with Internet Explorer 7 and 6 on Windows XP SP3.
Microsoft will release a final patch for the year 2010 on December 14 (Tuesday), which will contain 17 security bulletins and 40 security fixes. Microsoft has stated that they are ‘investigating' the new exploit and will take appropriate action to safeguard its consumers.
the quotation from:tech2
{ 0 comment... read them below or add one }
Posting Komentar