Link: Internet Explorer CVE-2014-1776 security flaw discovered | BGR

Internet Explorer CVE-2014-1776 security flaw discovered | BGR

Microsoft on Sunday published a new security advisory warning users that a new vulnerability (reference number CVE-2014-1776) has been found to affect all Internet Explorer versions, from Internet Explorer 6 to Internet Explorer 11, although a fix for it isn’t available yet. The security issue has been discovered by security firm FireEye. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft said. “An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.” However, the flaw only works once a user has been convinced to visit a certain websites. Otherwise, the issue won’t harm Windows users. “In a web-based attack scenario, an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability,” the company said. “In all cases, however, an attacker would have no way to force users to visit these websites. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker’s website.
This entry was posted in Delicious and tagged , , , , , , . Bookmark the permalink.