SCF Portal Stats

Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42947
  • Total Topics: 16146
  • Online Today: 4867
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

« previous next »
Pages: [1]

Author Topic: Active Zero-Day Exploit Targets Internet Explorer Flaw  (Read 2340 times)

0 Members and 2 Guests are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
Active Zero-Day Exploit Targets Internet Explorer Flaw
« on: 13. June 2012., 11:51:23 »

Active Zero-Day Exploit Targets Internet Explorer Flaw

 On June 1, McAfee Labs discovered a new Microsoft Internet Explorer zero-day attack that is active in the wild and exploits a use-after-free vulnerability. We have successfully reproduced it with the latest IE8 and Windows 7. We have confirmed it’s a zero day and have been working with the Microsoft security team for their solutions. Today, Microsoft released the patch for MS12-037 and CVE-2012-1875, which Microsoft assigned to the issue we identified. At Microsoft’s request, we coordinated the release of this blog with the release of the patch.

The exploit works across all major Windows platforms, including Windows Vista and Windows 7. It leverages return-oriented programming (ROP) exploitation technology to bypass with data execution (DEP) and address space layout randomization (ASLR) protections, and hook-hopping evasion techniques to evade host-based IPS detections. It requires the victim’s system to run an old Java virtual machine that came with a non-ASLR version of msvcr71.dll. If Java is not installed or there is no non-ASLR version of msvcr71.dll in the system, the exploit won’t work, although it will cause IE to crash.

On Windows XP, the vulnerability can be reliably exploited without any third-party component. We found the exploit tried to download and execute a binary from a remote server. The server was hosted by Yahoo and was taken down the same day we reported this to Microsoft.

McAfee NSP customers are protected by signature 0x402be000, HTTP: Microsoft Internet Explorer Same ID Property Remote Code Execution. McAfee will release a Security Advisory with coverage details on all McAfee products.

I thank my colleagues Zheng Bu and Bing Sun for their analysis of the vulnerability and exploit.


Orginal article: Tuesday, June 12, 2012 at 1:02pm by Yichong Lin

Logged
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info

Active Zero-Day Exploit Targets Internet Explorer Flaw
« on: 13. June 2012., 11:51:23 »

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Microsoft's patch for MS12-037 and CVE-2012-1875
« Reply #1 on: 13. June 2012., 20:02:03 »
Thanks for warning pal. :thumbsup:

Here is Microsoft's patch for MS12-037: http://technet.microsoft.com/en-us/security/bulletin/ms12-037

Logged

Samker's Computer Forum - SCforum.info

Re: Microsoft's patch for MS12-037 and CVE-2012-1875
« Reply #1 on: 13. June 2012., 20:02:03 »
Pages: [1]
« previous next »
 

+ Quick Reply

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising