It hasn’t been too long since the last serious Internet Explorer 0-day, back in November it was used in drive-by attacks – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. And earlier last year there was an emergency patch issued – Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit. […]
IE-exploit
Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks
So another IE 0-Day has been uncovered, and is in use in the wild for drive-by attacks on unwitting web users. I have to say, technically speaking, this attack is rather impressive – in terms of the exploit, the delivery method and the way that it runs. It retrieves the PE headers from a DLL […]
Internet Explorer Zero-Day Accidentally Leaked To Chinese Hackers
First up, happy new year – let’s hope 2011 is an interesting year for the infosec community. Anyway today’s story is about the recently released tool cross_fuzz by Michal Zalewski and an inadvertent leak that have occurred. tl;dr version is something like this: Michal Zalewski writes a DOM fuzzer, fuzzes IE, finds flaws, Chinese dudes […]
Microsoft Releases Out-Of-Band Patch For IE 0-Day Vulnerability
[ad] Ah Microsoft is treating this one seriously after France and Germany advised users to avoid IE. The current strain being exploited only targets IE6 users, but one security company has developed an exploit for IE8 which also bypasses DEP (Data Execution Prevention). It was rumoured this was the exploit used last week to compromise […]
IE7 Exploit Also Affects IE5, IE6 and IE8! More Users In Trouble
[ad] I’m sure you’ve heard about the Microsoft IE7 Exploit that allows Remote Code Execution on XP & Vista, it turns out it’s actually much worse than first expected. The exploit also affects IE5.01, IE6 and IE8 on all OS versions! That’s a pretty worrying turn of events for MS especially as they are seemingly […]