The Latest in IT Security

New Internet Explorer Zero-Day Vulnerability Exploited in the Wild

18 Sep 2012

Eric Roman has published a blog post about the Microsoft Internet Explorer Image Arrays Remote Code Execution Vulnerability, a possible zero-day vulnerability in Internet Explorer that is being exploited in the wild. We have confirmed that this vulnerability affects versions 9, 8, and 7 of the Internet Explorer browser. Microsoft has not yet confirmed the vulnerability or released an official statement about it.

The exploit is made up of four main components:

  1. The Exploit.html file is the starting point and is responsible for setting up the exploit. After setting up the necessary conditions for the vulnerability, it invokes the Moh2010.swf file.
  2. The Moh2010.swf Flash file is responsible for spraying the heap with the payload that will be executed. After setting up the payload, it invokes the vulnerability trigger, the Protect.html file, by opening it in an IFRAME window.
  3. The Protect.html file is the actual trigger of the vulnerability and is responsible for executing the malicious payload set up by the Moh2010.swf file.
  4. The payload will download additional malicious executables and run them on the compromised system.
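
For defenders, the staged delivery described above leaves an ordered trail in web proxy logs. The following is an added example, not code from the original post or from Symantec: it correlates per-client requests for the three file names reported above, followed by an executable download. The log format, the sample lines, the two-minute window and the `.exe`/MIME-type check are assumptions made for illustration, and file names alone are easy for an attacker to change.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Stage file names as reported in the article, matched case-insensitively.
STAGES = ["exploit.html", "moh2010.swf", "protect.html"]

# Constructed sample proxy log: ISO time, client IP, URL, response content type.
SAMPLE_LOG = """\
2012-09-17T10:00:01 10.0.0.5 http://host.example/Exploit.html text/html
2012-09-17T10:00:02 10.0.0.5 http://host.example/Moh2010.swf application/x-shockwave-flash
2012-09-17T10:00:03 10.0.0.7 http://news.example/index.html text/html
2012-09-17T10:00:04 10.0.0.5 http://host.example/Protect.html text/html
2012-09-17T10:00:09 10.0.0.5 http://files.example/constructed.exe application/octet-stream
2012-09-17T10:05:00 10.0.0.9 http://other.example/protect.html text/html
"""

def is_executable(url, ctype):
    # Assumption: an executable download shows up as .exe or this MIME type.
    return url.path.lower().endswith(".exe") or ctype == "application/x-msdownload"

def find_chains(log_text, window=timedelta(minutes=2)):
    """Map client IP -> highest stage seen (3 = all three files fetched in
    order, 4 = an executable download followed), all inside `window`."""
    progress = {}  # client -> (number of stages matched, time of stage 1)
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, client, raw_url, ctype = line.split()
        ts, url = datetime.fromisoformat(ts_text), urlsplit(raw_url)
        name = url.path.rsplit("/", 1)[-1].lower()
        done, start = progress.get(client, (0, ts))
        if done and ts - start > window:
            done = 0  # chain went stale; only a new stage 1 restarts it
        if done < len(STAGES) and name == STAGES[done]:
            progress[client] = (done + 1, start if done else ts)
            if done + 1 == len(STAGES):
                hits[client] = 3
        elif done == len(STAGES) and is_executable(url, ctype):
            hits[client] = 4
    return hits

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
```

A result of 3 means the browser reached the trigger page; 4 means a download followed and the host should be treated as compromised until examined.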

Interestingly, this exploit was hosted on the same servers used in the Nitro attack.

As always, we recommend that you follow best security practices and ensure you have the most up-to-date software patches installed. Use the latest Symantec technologies and virus definitions for the best protection against threats.
