Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability
07 January 2013
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Learn about personal data bankruptcy and the cost of privacy, security and compliance, delivering digital security to a mobile world, and much more.
As ISPs, hosting providers and online enterprises around the world continue suffering the effects of DDoS attacks, often the discussions that follow are, “What is the best way to defend our networks and our customers against an attack?”