Forgot your password?
typodupeerror

+ - New IE Zero Day Found, Exploit Being Used in Targeted Attacks

Submitted by Trailrunner7
Trailrunner7 (1100399) writes "Microsoft is looking into reports of targeted attacks against a new vulnerability that exists in all supported versions of Internet Explorer. The attacks are targeting IE 8 and 9 and there’s no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it. The bug is a use-after-free in the Microsoft HTML rendering engine and there is a fully working exploit being used in attacks right now.

“The exploit we analyzed worked only on Windows XP or Windows 7 running Internet Explorer 8 or 9,” Neil Sikka of Microsoft Engineering said. “The exploit was attacking a Use After Free vulnerability in IE’s HTML rendering engine (mshtml.dll) and was implemented entirely in Javascript (no dependencies on Java, Flash etc), but did depend on a Microsoft Office DLL which was not compiled with ASLR (Address Space Layout Randomization) enabled.

Attacks on the vulnerability are ongoing in Japan right now, but may spread quickly now that details of the problem are public."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New IE Zero Day Found, Exploit Being Used in Targeted Attacks

Comments Filter:

"Engineering without management is art." -- Jeff Johnson

Working...