Researchers reveal attack code for new IE zero-day
2 posters
Page 1 of 1
Researchers reveal attack code for new IE zero-day
http://www.computerworld.com/s/article/9202001/Researchers_reveal_attack_code_for_new_IE_zero_day
Microsoft investigates unpatched IE vulnerability, exploit that bypasses ASLR and DEP on Windows 7
By Gregg Keizer
December 22, 2010 06:43 AM ET
Computerworld - Security researchers have released attack code that exploits an unpatched bug in Microsoft's Internet Explorer (IE) and sidesteps defenses baked into Windows 7.
Microsoft said it was looking into the vulnerability.
"Microsoft is investigating new public claims of a possible vulnerability in Internet Explorer," said Dave Forstrom, the director of Microsoft's Trustworthy Computing group, in statement. "We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."
The bug first surfaced earlier this month when French security firm Vupen announced it had uncovered a flaw in IE's HTML engine that could be exploited when the browser processed a CSS (Cascading Style Sheets) file that included "@import" rules. The @import rules let Web designers add external style sheets to an existing HTML document.
[...]
Unlike some other recent IE bugs, this one can be exploited on the newest browser, IE8, running on Microsoft's newest OS, Windows 7, by defeating the latter's DEP (data execution prevention) and ASLR (address space layout randomization) anti-exploit defenses.
[...]
DarthTrader- Member
- Posts : 21
Join date : 2010-07-28
Re: Researchers reveal attack code for new IE zero-day
I've seen some samples of code. Yes, it's impressive. Even DEP, ASLR and other over-hiped 'security' solutions are powerless against it, but I've finally decided to ignore such articles. Security researchers tend to reveal too much for comfort if you ask me, and mostly for self-serving purposes. Marcus Ranum wrote a nice rant about it: The motives behind vulnerability disclosureDarthTrader wrote:Researchers reveal attack code for new IE zero-day
Paul
p2u- Valued Member
- Posts : 211
Join date : 2010-12-14
Similar topics
» Researchers bypass Internet Explorer Protected Mode
» Digitally Signed Malware Is Increasingly Prevalent, Researchers Say
» Web-based keylogger attack?
» Vulnerability in Windows Shell Could Allow Remote Code Execution
» Vulnerability in TCP/IP Could Allow Remote Code Execution
» Digitally Signed Malware Is Increasingly Prevalent, Researchers Say
» Web-based keylogger attack?
» Vulnerability in Windows Shell Could Allow Remote Code Execution
» Vulnerability in TCP/IP Could Allow Remote Code Execution
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|