|07 Feb 2011||#1|
| || |
MHTML 0-Day Vulnerability Won't be Patched Tomorrow
Microsoft is expected to provide fixes for two zero-day vulnerabilities tomorrow, but they don't include the MHTML remote code execution flaw revealed at the end of January.
In it's advance notification for the upcoming security bulletins, Microsoft announced that it will release two patches postponed last month.
They will cover a use-after-free vulnerability in Internet Explorer, identified as CVE-2010-3971, and originally disclosed at the beginning of December as a denial of service condition.
The flaw later proved exploitable for remote code execution and proof-of-concept attack code that bypasses DEP and ASLR protection was developed.
|My System Specs|
|Similar help and support threads for2: MHTML 0-Day Vulnerability Won't be Patched Tomorrow|
|cant' open mhtml files||General Discussion|
|0pen mhtml fles.||General Discussion|
|Hackers pounce on just-patched Windows Media vulnerability||Security News|
|Yesterday XP, Today Win 7, Tomorrow Win 8, Day after tomorrow what?||Chillout Room|
|Google Chrome Patched Against Zero-Day Flash Vulnerability||Security News|
|March Patch Tuesday didn't address MHTML vulnerability||Security News|
|Zero day vulnerability found in Windows MHTML renderer||Security News|