DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
IE 9/10 zero-day bug exploited in the wild

Posted on Friday, February 14 2014 @ 13:23:39 CET by

Ars Technica warns that a new zero-day security vulnerability in Internet Explorer 9 and 10 is being exploited in the wild to install malware on vulnerable computers. Security firm FireEye reports that attackers compromised vfw.org, the official website of the Veterans of Foreign Wars, and other sites to distribute the malware.
The FireEye researchers wrote:

After compromising the VFW website, the attackers added an iframe into the beginning of the website’s HTML code that loads the attacker’s page in the background. The attacker’s HTML/JavaScript page runs a Flash object, which orchestrates the remainder of the exploit. The exploit includes calling back to the IE 10 vulnerability trigger, which is embedded in the JavaScript. Specifically, visitors to the VFW website were silently redirected through an iframe to the exploit at www.[REDACTED].com/Data/img/img.html.

The attackers, who appear to be the same ones behind at least two other recent zero-day attacks, were able to exploit the underlying "use after free" bug in a way that modified memory at a specified address. That allowed them to bypass address space layout randomization (ASLR), a technique for minimizing the damage exploits can have by randomizing the memory locations where objects are loaded. By preventing attackers from knowing where in memory their malicious code will reside, ASLR greatly reduces the chances an exploit will succeed. The attackers behind this most recent exploit were able to modify arbitrary memory addresses, allowing them to bypass the ASLR protection.
Microsoft is aware of the attacks and is investigating the issue. The software giant recommends that customers upgrade to Internet Explorer 11 to mitigate the issue.
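
For site owners, the iframe injection described in the FireEye excerpt above is something a routine audit of served pages can catch. The Python sketch below is an added example, not code from FireEye, Ars Technica or this article; the host names, the sample page and the helper name audit_page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeAudit(HTMLParser):
    """Flag iframes that load off-site content, are hidden, or precede <html>."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.seen_html = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "html":
            self.seen_html = True
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative src values have no hostname and count as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if host and host not in self.trusted:
            reasons.append("off-site src")
        if (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                or "display:none" in style or "visibility:hidden" in style):
            reasons.append("hidden")
        if not self.seen_html:
            # Markup placed ahead of the document root is rarely legitimate.
            reasons.append("precedes <html>")
        if reasons:
            line, _ = self.getpos()
            self.findings.append({"line": line, "src": a.get("src", ""), "reasons": reasons})

def audit_page(html, site_host, allowed_hosts=()):
    """Return one finding per suspicious iframe in the served HTML."""
    parser = IframeAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: an injected frame ahead of the doctype, then two legitimate frames.
SAMPLE = """<iframe src="http://injected.example.net/x.html" width="0" height="0"></iframe>
<!DOCTYPE html>
<html><body>
<iframe src="/embed/map.html" width="600" height="400"></iframe>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit_page(SAMPLE, "www.example.com", ["video.example.org"]):
        print(f)
```

Run against the HTML as delivered to clients rather than the files on disk, since an injection may live in a template, a database field or a server module.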


