Microsoft issued a security advisory on Thursday about a critical and unpatched vulnerability in Internet Explorer (IE). The attack that hit Google and 33 other companies in December leveraged this zero-day flaw in Internet Explorer. Google acknowledged in a blog post on Tuesday that the attack had resulted in the theft of some of its intellectual property.
The advisory stated in part that the vulnerability exists as an invalid pointer reference within Internet Explorer, and that in a specially crafted attack, an attempt to access a freed object can cause Internet Explorer to allow remote code execution.
The affected versions are IE 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected.
However, Protected Mode in Internet Explorer on Windows Vista and later Windows operating systems limits the impact of the vulnerability, according to the report.
Microsoft, for its part, has disclosed plans to provide a solution through its monthly security update release process or an out-of-cycle security update. The next scheduled Microsoft Patch Tuesday is 9th February.