14 DAY TRIAL // A security company thought that the latest Internet Explorer bug was particularly dangerous and decided to release their own solution before Microsoft's April 11 one.
eEye Digital Security released a temporary workaround which fixes the vulnerability caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control.
As we reported a few days ago, this can be exploited by a malicious web site to corrupt memory in a way which allows the program flow to be redirected to the heap.
eEye Digital Security says there have been numerous reports of this vulnerability being used on various websites in attempts to install Spyware and remote control "bot" software for use in Distributed Denial of Service (DDoS) attacks.
Although the MSRC ((Microsoft Security Response Center) engineers are aware of the vulnerability and are working on an update, it seems that it will only be available on April 11. Until then, they recommend users to deactivate the Active Scripting option, thus preventing the exploitation.
Inspired by Bugzilla, Microsoft announced Friday its own Internet Explorer bug database, which can be accessed with a Passport account. The service is currently in beta.
According to ComputerWorld, this is not the first time users can update the Internet Explorer with a third-party solution, in December, Ilfak Guilfanov, a developer with DataRescue SA, offering a patch for a bug before the Redmond company. eEye Digital Security's patch is free, has been certified by Softpedia as being 100% CLEAN and is available for download here.