[ISN] Microsoft plugs zero-day IE hole

From: InfoSec News <alerts_at_private>
Date: Wed, 9 Dec 2009 01:08:33 -0600 (CST)
http://news.cnet.com/8301-27080_3-10411612-245.html

By  Elinor Mills
InSecurity Complex
CNet News
December 8, 2009

Microsoft released fixes on Tuesday for a critical vulnerabilities in 
Internet Explorer, including one for which exploit code has been 
released.

Adobe, meanwhile, was scheduled to release a critical update affecting 
Flash Player and Adobe AIR, following news of exploit code being 
released for a vulnerability in Illustrator CS3 and CS4 on Windows and 
Mac last week.

Microsoft's regular Patch Tuesday release includes six security 
bulletins addressing 12 vulnerabilities in IE, Windows, Windows Server, 
and Office.

However, priority should be given to the cumulative IE bulletin, which 
affects all major Windows versions including Windows 7, IE 6, IE 7, and 
IE 8. The bulletin fixes five holes that could allow an attacker to 
remotely take control over a system in drive-by download attacks. The 
fix also addresses a problem with ActiveX control built with Microsoft 
Active Template Library (ATL) headers that could allow remote code 
execution.

"Vulnerabilities in IE are generally pretty serious because all you have 
to do is go to a Web page or get referred to one" that has malicious 
code on it, said Jason Avery, manager of the Digital Vaccine service at 
Tipping Point. Three of the IE holes were disclosed through Tipping 
Point's Zero Day Initiative program over the summer, he said.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Tue Dec 08 2009 - 23:08:33 PST

This archive was generated by hypermail 2.2.0 : Tue Dec 08 2009 - 23:15:21 PST