Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

BitDefender closes vulnerability in IE 7

BitDefender UK : 22 May, 2008  (Technical Article)
Print vulnerability in latest Internet Explorer versions detected and closed out by BitDefender
Researchers from BitDefender have issued a signature update to protect users from a newly discovered vulnerability in Microsoft Internet Explorer 7.

The vulnerability exists in the way Microsoft Internet Explorer 7 (or higher) parses webpages in preparation for printing. This allows a remote attacker to execute arbitrary code on a victim's machine if the victim tries to print a specially-crafted webpage, while including a table of links. BitDefender is the first security vendor to issue an update, to protect against potential hacking attacks.

'The exploitable vulnerability results from a combination of coding mistakes and sloppy security thinking," said BitDefender Innovations Product Manager Alexandru Balan. "The code has numerous bugs but it is also executed in a lower-security context than it should be and the combination opens a way for hackers to compromise a system.'

BitDefender researchers warn that the exploit is well-suited for use in targeted attacks and advise all users of Internet Explorer who do not have BitDefender installed to refrain from printing webpages with the "Print Table of Links" option enabled until a fix is released. BitDefender is, as of the time of writing, the only company that has released a signature able to detect and block malicious code based on this exploit.


The vulnerability was discovered by independent security researcher Aviv Raffon, who also released the proof-of-concept code.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo