I have been recommending home users move away from using Internet Explorer for years. Unless you have an application that requires the use of IE there is no reason not to switch. This weekend news of zero day attacks against IE7 have come out.

…The vulnerability is an invalid pointer reference in the data binding function of Internet Explorer. In its default state — when data binding is enabled, that is — certain conditions allow the release of an object without updating the array length, which makes it possible to access the deleted object’s memory space.

…

In other words, someone could attack IE 7 by filling the process stack with a tremendous amount of memory, explained Jeff Debrosse, research director at ESET.

When IE subsequently crashes, it’s left in a state that makes it vulnerable to a remote exploit, he told TechNewsWorld.

Hackers would then be able to inject a wide variety of malware — for example, keyloggers or hijackers — into a system…

You can read the full story here.

Dave

Because I.T. can