Here is a technical explanation of Security Advisory 2934088 from SecurityWeek. It explains how the vulnerability allows an attacker to use JavaScript to manipulate the use-after-free condition and Adobe Flash to bypass Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).
Microsoft Releases Fix It Tool to Address IE 10 Attacks
From the article above, Microsoft's Security Response Center's Neil Sikka's explanation & remediation steps (includes a link to the FixIt tool).
Fix it tool available to block Internet Explorer attacks leveraging CVE-2014-0322
No comments:
Post a Comment