IE 9/10 zero-day bug exploited in the wild

Posted on Friday, February 14 2014 @ 13:23 CET by Thomas De Maesschalck
Ars Technica warns that a new zero-day security vulnerability in Internet Explorer 9 and 10 is being exploited in the wild to install malware on vulnerable computers. Security firm FireEye reports that attackers compromised vfw.org, the official website of the Veterans of Foreign Wars, and other sites to distribute the malware.
The FireEye researchers wrote:

After compromising the VFW website, the attackers added an iframe into the beginning of the website’s HTML code that loads the attacker’s page in the background. The attacker’s HTML/JavaScript page runs a Flash object, which orchestrates the remainder of the exploit. The exploit includes calling back to the IE 10 vulnerability trigger, which is embedded in the JavaScript. Specifically, visitors to the VFW website were silently redirected through an iframe to the exploit at www.[REDACTED].com/Data/img/img.html.

The attackers, who appear to be the same ones behind at least two other recent zero-day attacks, were able to exploit the underlying "use after free" bug in a way that modified memory at a specified address. That allowed them to bypass address space layout randomization (ASLR), a technique for minimizing the damage exploits can have by randomizing the memory locations where objects are loaded. By preventing attackers from knowing where in memory their malicious code will reside, ASLR greatly reduces the chances an exploit will succeed. The attackers behind this most recent exploit were able to modify arbitrary memory addresses, allowing them to bypass the ASLR protection.
Microsoft is aware of the attacks and is investigating the issue. The software giant recommends that customers upgrade to Internet Explorer 11 to mitigate the issue.
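For site operators, the injected iframe FireEye describes is something a routine integrity check on served HTML can catch. The following is an added example, not code from FireEye, Ars Technica or this site: it flags any iframe whose host is not on an allowlist and notes when it sits before `<body>` or is hidden. The hosts, the allowlist and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def is_hidden(attrs):
    """True for frames sized or styled so a visitor never sees them."""
    style = attrs.get("style", "").replace(" ", "").lower()
    tiny = attrs.get("width") in {"0", "1"} or attrs.get("height") in {"0", "1"}
    return tiny or "display:none" in style or "visibility:hidden" in style

class IframeAuditor(HTMLParser):
    """Records every <iframe> whose resolved host is not on the allowlist."""
    def __init__(self, site_host, allowed_hosts):
        super().__init__()
        self.base = f"https://{site_host}/"
        self.allowed = {h.lower() for h in allowed_hosts} | {site_host.lower()}
        self.seen_body = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "body":
            self.seen_body = True
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Resolve relative and protocol-relative src values against the site itself.
        src = urljoin(self.base, a.get("src", "").strip())
        host = (urlparse(src).hostname or "").lower()
        if host in self.allowed:
            return
        reasons = ["host not on allowlist"]
        if not self.seen_body:
            reasons.append("placed before <body>")
        if is_hidden(a):
            reasons.append("hidden or zero-sized")
        self.findings.append({"line": self.getpos()[0], "host": host, "reasons": reasons})

def audit_page(html, site_host, allowed_hosts):
    auditor = IframeAuditor(site_host, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: one injected frame at the top, two legitimate frames in the body.
SAMPLE = (
    '<iframe src="http://injected.invalid/landing.html" width="0" height="0"></iframe>\n'
    '<!DOCTYPE html>\n<html><head><title>Home</title></head>\n<body>\n'
    '<iframe src="https://player.example-video.test/embed/42" width="640"></iframe>\n'
    '<iframe src="/local/widget.html"></iframe>\n</body></html>'
)
ALLOWED = {"player.example-video.test"}  # assumption: hosts this site frames on purpose
```

Run on a schedule against the pages a site actually serves, a non-empty result from `audit_page` is a signal to compare the live file with the version in source control.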

