Thread: Nasty IE Zero-Day Used in Attacks Against Defense, Financial Sectors: FireEye
View Single Post
  #1   (View Single Post)  
Old 28th April 2014
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default Nasty IE Zero-Day Used in Attacks Against Defense, Financial Sectors: FireEye
From http://www.securityweek.com/nasty-ie...ectors-fireeye

Quote:
Researchers from FireEye have discovered a nasty zero-day exploit that bypasses the ASLR and DEP protections in Microsoft Windows and is being used in targeted attacks.

The security flaw is a remote code execution vulnerability (CVE-2014-1776) that affects versions of IE6 through IE11, which in total accounted for 26.25% of the browser market in 2013.

The campaign is currently targeting US-based firms tied to the defense and financial sectors, a FireEye spokesperson told SecurityWeek, and is specifically targeting IE9 through IE11.

“The exploit leverages a previously unknown use-after-free vulnerability, and uses a well-known Flash exploitation technique to achieve arbitrary memory access and bypass Windows’ ASLR and DEP protections,” FireEye wrote in a blog post Saturday.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote