So another IE 0-Day has been uncovered, and is in use in the wild for drive-by attacks on unwitting web users. I have to say, technically speaking, this attack is rather impressive – in terms of the exploit, the delivery method and the way that it runs. It retrieves the PE headers from a DLL […]
IE-security
Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability
There’s a lot of circumstantial evidence surround this as Microsoft themselves haven’t clarified or publicly announced anything related to the CSS Cross-Origin Theft bug – but it seems fairly clear. Some media sources are quoting it as a ‘new bug‘ – which it isn’t, according to other sources it has been known about for at […]
Clever Attack Allows Theft Of Names & Addresses From IE & Safari
There has been some very clever attacks lately, especially involving browsers and the kind of data they can leak when probed the right way. The biggest press recently was generated by the history leak that occurs in most browsers. Another clever attack that got some coverage lately was tabnapping and the latest is another fascinating […]
Microsoft Patches At Least 34 Bugs Including Pwn2Own Vulnerability
What a massive mother-load of patches Microsoft has unleashed on this month patching more than 34 security vulnerabilities including the fairly high profile vulnerability exploited at the Pwn2Own contest earlier this year in April. Good news as long as all the average Internet users actually use Windows Update and install the latest patches, which somehow […]
Microsoft Releases Out-Of-Band Patch For IE 0-Day Vulnerability
[ad] Ah Microsoft is treating this one seriously after France and Germany advised users to avoid IE. The current strain being exploited only targets IE6 users, but one security company has developed an exploit for IE8 which also bypasses DEP (Data Execution Prevention). It was rumoured this was the exploit used last week to compromise […]