Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

+ - New IE Zero Day Found, Exploit Being Used in Targeted Attacks

Trailrunner7 writes: Microsoft is looking into reports of targeted attacks against a new vulnerability that exists in all supported versions of Internet Explorer. The attacks are targeting IE 8 and 9 and there’s no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it. The bug is a use-after-free in the Microsoft HTML rendering engine and there is a fully working exploit being used in attacks right now.

“The exploit we analyzed worked only on Windows XP or Windows 7 running Internet Explorer 8 or 9,” Neil Sikka of Microsoft Engineering said. “The exploit was attacking a Use After Free vulnerability in IE’s HTML rendering engine (mshtml.dll) and was implemented entirely in Javascript (no dependencies on Java, Flash etc), but did depend on a Microsoft Office DLL which was not compiled with ASLR (Address Space Layout Randomization) enabled.

Attacks on the vulnerability are ongoing in Japan right now, but may spread quickly now that details of the problem are public.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New IE Zero Day Found, Exploit Being Used in Targeted Attacks

Comments Filter:

Adapt. Enjoy. Survive.

Working...