Critical Vulnerability Information Affected Systems Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Overview An unpatched use-after-free vulnerability in Internet Explorer versions 6, 7, 8, and 9 is being exploited in the wild. No patch was available at the time of the alert. Impact A remote, unauthenticated attacker could: - Execute arbitrary code - Cause a denial of service - Gain unauthorized access to files or system Solution Review Microsoft Security Advisory 2757760 and implement the recommended mitigation techniques. Use Microsoft Enhanced Mitigation Experience Toolkit (EMET) for additional protection. References Microsoft Security Advisory (2757760) MSRC Blog: Microsoft Releases Security Advisory 2757760 Download Microsoft EMET 3.0 US-CERT Vulnerability Note VU#480095 Revisions September 18, 2012: Initial release September 19, 2012: Updated Alert Code TA12-262A