Internet Explorer 8 under threat in India: Cyber agency

NEW DELHI: Cyber security sleuths have alerted Indian users against a "high" level virus activity in a select version of popular Microsoft-owned web browser - the Internet Explorer.

The vulnerability, which once activated may compromise the privacy of a user's computer system, has been detected in the Microsoft Internet Explorer version "8" by the Computer Emergency Response Team of India (CERT-In), the country's nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.

The severity of the malfunctioning has been categorised as "high" by the agency.

"A use-after-free vulnerability has been reported in Microsoft Internet Explorer (version 8) which could allow an unauthenticated remote attacker to execute arbitrary code on a target system.

"The vulnerability exists due to improper handling of CMarkup objects within "CMarkup::CreateInitialMarkup". An unauthenticated, remote attacker could exploit this issue by enticing a user to view specially crafted HTML document triggering a memory corruption," the advisory said.

It added that the successful exploitation of this malfunctioning "could allow the attacker to execute arbitrary code on the system with the privileges of the targeted user."

"This essentially means that if the malfunctioning gets activated it could harm the privacy and private information of the users' computer," a cyber security official said.

The agency has asked Internet users to upgrade their Microsoft Internet explorer to version "11".

Some of the other counter-measures suggested by the agency include deploying and configuring the Microsoft Enhanced Mitigation Experience Toolkit (EMET) for Internet Explorer, setting the Internet security zone to "high" to block ActiveX controls and active scripting and configuring Internet Explorer to prompt before running active scripting or to disable active scripting in the Internet and local intranet security zone.