The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,917 other followers

Zero day vulnerability in mshtml.dll used by Internet Explorer 6, 7, 8 and 9, and many other products.

Posted by jpluimers on 2012/09/20


  • Zero day vulnerability in mshtml.dll used by Internet Explorer 6, 7, 8 and 9, and many other products.
  • Resolution: Deploy EMET or stop using IE and other products using mshtml.dll until Microsoft delivers a patch.

Earlier this week a zero-day vulnerability in the mshtml.dll was made public. This DLL is used by almost all Internet Explorer versions (6-9 are vulnerable) and many other software products (almost anything from Microsoft and a lot of 3rd party software that displays a web page on Windows).

While Microsoft is building a fix that is to be released very soon now (probably tomorrow, Friday September 21st 2010), the official resolutions are not to use the mshtml.dll at all (impractical for many people), or deploy EMET (impractical too as it requires administrative privileges).

If you can, switch to a browser that uses a different layout engine than mshtml.dll (for instance browsers based on WebKit will do).

These pages are good starting points for more information:

Particularly interesting posts:


8 Responses to “Zero day vulnerability in mshtml.dll used by Internet Explorer 6, 7, 8 and 9, and many other products.”

  1. Petr Vones said

    Security update is scheduled for today

  2. Petr Vones said

    There is “Fix It” workaround available

  3. IL said

    Why EMET is considered impractical? It’s easy to deploy and configure.

    • jpluimers said

      Impractical because lot’s of people don’t have administrative access to their computers.

      • Petr Vones said

        Well, it is up to administrators of their computers to care about that.

      • IL said

        Thanks for the link to a very good article on configuring EMET
        I hope it can prevent some 0-day Java/PDF/Flash exploits too. Pesonally I’m using EMET at my home and work computers for some time, but have seen it triggered only once.

      • IL said

        Not once but twice:
        on 2012/08/21 EMET detected MandatoryASLR mitigation and will close the application: C:\Program Files\totalcmd\TOTALCMD.EXE
        on 2012/07/30 EMET detected SEHOP mitigation and will close the application: C:\MinGW\msys\1.0\home\admin\farmanager\unicode_far\Release.32.gcc\Far.exe
        Far was compiled from sources. Not sure what version of Total Commander triggered MandatoryASLR.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: