Microsoft has rolled out a "Fix it" for potential problems found in Internet Explorer 8.
The "Fix it" comes after a Security Advisory, numbered 2847140, was released last Friday stating Microsoft was investigating "public reports of a vulnerability" found in Internet Explorer 8.
"The vulnerability is a remote code execution vulnerability," explained Microsoft. "The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated."
With the vulnerability, it could corrupt memory and allow an attacker to perform arbitrary code as if it is the original or current user.
"An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website," Microsoft's Security Advisory added.
Microsoft did confirm the vulnerability does not affect Internet Explorer versions 6, 7, 9, and 10.
The "Fix it," which launched Wednesday, revealed the vulnerability was exposed due to a page layout issue caused when Internet Explorer 8 attempted to analyze the information.
"The issue is caused by layout structures that are not properly cleaned up and contain dangling pointers to page elements," stated Cristian Craioveanu and Jonathan Ness on Microsoft's Security Research and Defense blog. "When the layout is updated, the browser crashes due to accessing the freed memory. The code that cleans up the dead links already exists, but it runs after the layout structures are accessed. The solution is to move the cleanup logic before the layout structure access."
It is important to note that the "Fix it" is only valid for x86 versions of Internet Explorer 8 that have applied MS13-028, a security update provided by Microsoft back in April.
To obtain the "Fix it," click here.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
