New Internet Explorer zero-day EXPLOIT released - Hack Reports

Breaking

Friday, October 19, 2012

New Internet Explorer zero-day EXPLOIT released


New Internet Explorer zero-day EXPLOIT released

The new zero day exploit Of Internet Explorer has been discovered. By using this Exploit attacker can load malicious application on victim machines even on fully patched Windows XP SP3 as per Information IE 7 and IE 8 browser with Adobe's Flash software are Vulnerable to this Exploit.

"The gang behind the Java attacks in August and September may be moving on: with domains used in that attack located at new IP addresses and serving up the new and more Dangerous attacks." said Jaime Blasco researcher at AlienVault Labs  

Eric Romang was examining one of the servers used to launch attacks on vulnerable Java installations in past, and he says that he has found a new zero day exploit for Microsoft's Internet Explorer web browser. He said, "I can confirm, the zero-day season is really not over yet."

As shown in above image example, the file exploit.html creates the initial vector to exploit the vulnerability which further loads the flash file Moh2010.swf, which is encrypted using DoSWF. The Flash file is in charge of doing the heap spray. Then it loads Protect.html. Metasploit has released a working exploit for this Zero-day.

No comments:

Post a Comment