There appears to be some months ago a serious vulnerability in Internet Explorer 8 discovered that not poem. The leak is revealed by the Zero Day Initiative, which says that the vulnerability is remote code execution with the privileges of the logged-in user.
Microsoft was in October 2013 will be informed of the vulnerability by security company TippingPoint, but this has not yet been repaired. Earlier this month showed the Zero Day Initiative, the group then know to publication, what now happened. The policy of the ZDI is to provide details about vulnerabilities to the outside if they do not, within 180 days fixed.
The vulnerability can exploits be exploited via self-organised or taken over websites. The abuse can lead to code execution with the privileges of the logged-in user, which in the worst case a system is complete to take over. Internet Explorer 8 is available for Windows XP, Windows Vista and Windows 7.
For the former, in every case, no patch more. Why Microsoft has no patch for the other versions of Windows has been released, is not clear. “Some fixes are more complex than others”, says the company against Cnet. There are no cases of actual abuse of the leak is known to the company.
Comments
(251)