Microsoft has announced the existence of a zero-day vulnerability (CVE-2013-3893) in its browser, Internet Explorer. Windows browsers IE 8 and IE 9 are both affected by a serious zero-day vulnerability recently being utilized in attacks.
Microsoft confirmed that the defect was unknown prior to the attacks and they are
now working on an official patch to protect their customers browser’s.
The official advisory issued today describes the IE zero-day vulnerability as a remote bug that could be exploited by hackers and install malware on the victim’s machine via a malicious link.
“The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”
Zero-day vulnerability in the browsers are by far the worst for home users and the possible risks associated with its exploitation, victims could be infected at any time.