How it works is IE attempts to reference and use an object that had previously been freed. The components of an exploit for such a vulnerability are typically:
- Javascript to trigger the Internet Explorer vulnerability
- Heap spray or similar memory preparation to ensure the memory being accessed after it has been freed is useful
- A way around the ASLR platform-level mitigation
- A way around the DEP platform-level mitigation
Microsoft suggests disabling certain services while it works on a patch. Alternately, you can use an alternative browser like Google Chrome (shown above).
Those changes include disabling Javascript, disabling Flash, and disabling the MS-Help protocol handler along with ensuring "Java6" is not allowed to run.
The vulnerability is not present in IE9 or IE10.
Source: http://hothardware.com/cs/forums/thread/444303.aspx
thursday night football japan earthquake nhl Star Trek Into Darkness redskins Heisman watch John McAfee
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.