Microsoft has published a security alert about a vulnerability affecting the older versions 6 and 7 of Internet Explorer.
Microsoft is running a little late, but following the publication of the vulnerable code and confirmation by Symantec, it has published a security advisory relating to a vulnerability in Internet Explorer. For the time being, despite exploitation code being perfected, no attack has been reported.
According to Microsoft, the vulnerability exists in a non-validated reference pointer in Internet Explorer. Under certain conditions, it is possible to access a CSS/Style object after it has been deleted, which in turn makes it possible to exploit the vulnerability to execute arbitrary code remotely.
Microsoft has reported that versions 6 and 7 of Internet Explorer are vulnerable on the Windows 2000, Windows XP and Windows Vista (IE7) operating systems, although Symantec has stated that Vista isn’t affected. Microsoft nevertheless specifies that Protected Mode, which is enabled by default in IE7 under Windows Vista, limits the impact of the vulnerability.
Internet Explorer version 8 is not affected by this vulnerability. It should be noted that it is difficult to estimate the danger of the problem: Symantec, for example, has classified the problem as very low, while Secunia has classified it as highly critical.
According to the Net Applications statistics, Internet Explorer’s market share is greater than 64%. The most widely used version is still 6.0 with more than 23%, while versions 7.0 and 8.0 are both around the 18% mark.