JPCERT-AT-2008-0023
JPCERT/CC
2008-12-18
<<< JPCERT/CC Alert 2008-12-18 >>>
Vulnerability in Internet Explorer Data Binding
http://www.jpcert.or.jp/at/2008/at080023.txt
I. Overview
Microsoft has released emergency information of an Internet Explorer
vulnerability, which contains one security update with severity rating
"Critical". A remote attacker could use this vulnerability to execute
arbitrary code.
Microsoft has already observed attacks exploiting this
vulnerability. Users are recommended to immediately apply the security
update since attacks exploiting this vulnerability are expected to
increase in the future.
For further information about the vulnerability, refer to the
following URL.
Microsoft Security Bulletin MS08-078 - Critical
http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx
II. Solution
Use means such as Microsoft Update or Windows Update to apply the
security update immediately.
Microsoft Update
https://www.update.microsoft.com/
Windows Update
https://windowsupdate.microsoft.com/
Note that a reboot is required after applying the security update.
III. References
Microsoft Security Bulletin MS08-078 - Critical
http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx
US-CERT Technical Cyber Security Alert TA08-352A
Microsoft Internet Explorer Data Binding Vulnerability
http://www.us-cert.gov/cas/techalerts/TA08-352A.html
US-CERT Vulnerability Note VU#493881
Microsoft Internet Explorer data binding memory corruption
vulnerability
http://www.kb.cert.org/vuls/id/493881
If you have any information you could provide regarding this alert,
please contact us.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top