Cyber agency finds 'high risk' virus in Internet Explorer 8, warns Indian usersWritten by Manish Singh on May 27, 2014 - 11:02AM @refsrc
Several cyber security firms have warned Indian users about the “high” level of virus activity found in the Internet Explorer 8. Discovered by Computer Emergency Response Team of India (CERT-In), the country's defenses of the Indian Internet domain present a vulnerability which exposes users' privacy.
The cyber security sleuths categorized this threat level as “high”. "A use-after-free vulnerability has been reported in Microsoft Internet Explorer (version 8) which could allow an unauthenticated remote attacker to execute arbitrary code on a target system."
“The vulnerability exists due to improper handling of CMarkup objects within "CMarkup::CreateInitialMarkup". An unauthenticated, remote attacker could exploit this issue by enticing a user to view specially crafted HTML document triggering a memory corruption," the advisory said.
If an attacker is able to successfully exploit the vulnerability, the privacy of the targeted user can then be easily exploited. This could "allow the attacker to execute arbitrary code on the system with the privileges of the targeted user. This essentially means that if the malfunctioning gets activated it could harm the privacy and private information of the users' computer," a cybersecurity official said.
If you’re using Internet Explorer 8, the agency suggests you to upgrade to version 11. Furthermore, the company also recommends using Microsoft Enhanced Mitigation Experience Toolkit (EMET) for Internet Explorer. You should also change your Internet Settings to adjust security zone to “high” to block ActiveX controls and active scripting. Also, enable the prompts before running active scripting, or better to disable active scripting altogether.