1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default A second 0-day vulnerability in Internet Explorer in just a few days !

    Hi !


    "New IE Zero-Day found in Watering Hole Attack
    November 8, 2013

    FireEye Labs has identified a new IE 0day exploit hosted on a breached website based in the US.
    It’s a brand-new IE 0-day that compromises anyone visiting a malicious website;
    classic drive-by download attack.
    The exploit leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution.



    Exploitation
    This vulnerability affects Windows XP with IE 8 and Windows 7 with IE 9.

    The memory access vulnerability is designed to work on Windows XP with IE 7 and 8, and on Windows 7. The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages.
    Based on our analysis, this vulnerability affects IE 7, 8, 9 and 10.
    This actual attack of this memory access vulnerability can be mitigated by EMET per Microsoft’s feedback.
    "

    New IE Zero-Day found in Watering Hole Attack | FireEye Blog

    Although the text is confusing regarding affected versions, it seems to be a good ideato avoid using IE....

    This is the SECOND 0-day vulnerability in just a few days !

    "Published: Tuesday, November 05, 2013
    Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync.
    Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Microsoft Office products.

    The vulnerability is a remote code execution vulnerability that exists in the way affected components handle specially crafted TIFF images."

    EMET:
    "The Enhanced Mitigation Experience Toolkit (EMET) helps mitigate the exploitation of this vulnerability by adding additional protection layers that make the vulnerability harder to exploit.
    EMET 4.0 is officially supported by Microsoft.
    At this time, EMET is only available in the English language.
    For more information, see Microsoft Knowledge Base Article 2458544."

    "EMET 4.0, in the recommended configuration, is automatically configured to help protect the affected software installed on your system.
    No additional steps are required."

    0-day Vulnerability in Microsoft Graphics Component !

    I suggest Firefox if you want another browser than IE:: Download Firefox ? Free Web Browser ? Mozilla
    Last edited by hackerman1; 10th November 2013 at 10:57.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Log in

Log in

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22