Last Updated: 2013-09-17 18:28:56 UTC
by John Bambenek (Version: 1)
Microsoft just released an advisory on an Internet Explorer vulnerability that would allow for remote execution. The report references public availability of details of his vulnerability. The long story short, a targetted attack that gets a user to view a malicious webpage (or malicious content on an otherwise safe webpage) could lead to memory corruption that could execute arbitrary code with the permissions of the logged in user. Two suggested actions are provided by Microsoft, apply the FixIt provided by Microsoft or deploy EMET 3.0/4.0 which provides generalized protection of memory (and probably not a bad idea to deploy anyway). Note, the FixIt ONLY applies to 32-bit versions of Internet Explorer.
This post will be updated with more details as the situation warrants.
bambenek \at\ gmail /dot/ com