Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New IE Zero-Day Being Exploited in the Wild

wiredmikey (1824622) writes | about 2 years ago

Microsoft 0

wiredmikey (1824622) writes "A new zero-day vulnerability affecting Internet Explorer is being exploited in the wild, and affects IE 9 and earlier. The vulnerability, if exploited, would allow full remote code execution and enable an attacker to take over an affected system.

Security researcher Eric Romang discovered the vulnerability and exploit over the weekend while monitoring some infected servers said to be used by the alleged Nitro gang. To run the attack, a file named “exploit.html” is the entry point of the attack, which loads “Moh2010.swf”

According to analysis by VUPEN, the exploit takes advantage of a “use-after-free vulnerability” that affects the mshtml.dll component of Internet Explorer.

Rapid7 on Monday released an exploit module for Metaspolit which will let security teams and attackers alike test systems.

As mentioned, Romang's first found the new zero-day code on the same server that was initially used to spread the recent Java zero-day, making people think they if both codes were not created by the same group, they are at least related.

Internet Explorer users should be consider switching to other browsers, such as Chrome or Firefox for the time being.

From what has been seen so far, the in-the-wild exploit only targets IE 8 and 7 on Windows XP only."

Link to Original Source

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>