DarkVision Hardware - Daily tech news
August 30, 2014 
IE 9/10 zero-day bug exploited in the wild

Posted on Friday, February 14 2014 @ 13:23:39 CET by


Ars Technica warns that a new zero-day security vulnerability in Internet Explorer 9 and 10 is being exploited in the wild to install malware on vulnerable computers. Security firm FireEye reports that attackers compromised vfw.org, the official website of the Veterans of Foreign Wars, and other sites to distribute the malware.
The FireEye researchers wrote:

After compromising the VFW website, the attackers added an iframe into the beginning of the website’s HTML code that loads the attacker’s page in the background. The attacker’s HTML/JavaScript page runs a Flash object, which orchestrates the remainder of the exploit. The exploit includes calling back to the IE 10 vulnerability trigger, which is embedded in the JavaScript. Specifically, visitors to the VFW website were silently redirected through an iframe to the exploit at www.[REDACTED].com/Data/img/img.html.

The attackers, who appear to be the same ones behind at least two other recent zero-day attacks, were able to exploit the underlying "use after free" bug in a way that modified memory at a specified address. That allowed them to bypass address space layout randomization (ASLR), a technique for minimizing the damage exploits can have by randomizing the memory locations where objects are loaded. By preventing attackers from knowing where in memory their malicious code will reside, ASLR greatly reduces the chances an exploit will succeed. The attackers behind this most recent exploit were able to modify arbitrary memory addresses, allowing them to bypass the ASLR protection.
Microsoft is aware of the attacks and is investigating the issue. The software giant recommends that customers upgrade to Internet Explorer 11 to mitigate the issue.
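
A site operator's check for the tampering FireEye describes (an iframe added at the beginning of a page's HTML that loads another site's page in the background), as an added example that is not from the original article or from FireEye. The host names, the sample pages and the hidden-frame heuristics (zero size, CSS hiding) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeAudit(HTMLParser):
    """Record each <iframe>: where it sits, where it points, why it is odd."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.seen_html = False  # set once the page's own <html> tag appears
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html = True
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if not self.seen_html:
            reasons.append("before <html>")
        if host and host != self.site_host and not host.endswith("." + self.site_host):
            reasons.append("off-site src")
        # Assumed heuristic for "in the background": zero size or CSS-hidden.
        if (a.get("width") == "0" or a.get("height") == "0"
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden")
        self.findings.append({"line": self.getpos()[0], "src": a.get("src", ""),
                              "reasons": reasons})

def audit(html, site_host, min_reasons=2):
    """Return iframes matching at least min_reasons of the three signals."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return [f for f in parser.findings if len(f["reasons"]) >= min_reasons]

# Constructed sample pages; all hosts are placeholders.
TAMPERED = """<iframe src="http://cdn.example.net/x/img.html" width="0" height="0"></iframe>
<!DOCTYPE html>
<html><head><title>Home</title></head><body>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
</body></html>"""
CLEAN = TAMPERED.split("\n", 1)[1]  # same page without the first line

if __name__ == "__main__":
    for finding in audit(TAMPERED, "www.example.org"):
        print(finding)
```

Requiring two signals keeps an ordinary visible third-party embed from being flagged; run the check against the HTML as served, since the tampering is on the server side.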


 



 

The comments are property of their posters, all the rest © 2002-2014 DM Media Group bvba