

Juliet

IE 0-day attack


http://forums.whatthetech.com/index.php?showtopic=125146&do=findComment&comment=843738

 

 

FYI...

 

IE10 0-Day found in Watering Hole Attack

- http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html

Feb 13, 2014 - "FireEye Labs has identified a new Internet Explorer (IE) zero-day exploit hosted on a breached website based in the U.S. It's a brand new zero-day that targets IE 10 users visiting the compromised website, a classic drive-by download attack. Upon successful exploitation, this zero-day attack will download a XOR encoded payload from a remote server, decode and execute it. This post was intended to serve as a warning to the general public. We are collaborating with the Microsoft Security team on research activities..."

 

- http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html

Feb 13, 2014 - "... Mitigation: The exploit targets IE 10 with Adobe Flash. It aborts exploitation if the user is browsing with a different version of IE or has installed Microsoft's Experience Mitigation Toolkit (EMET). So installing EMET or updating to IE 11 prevents this exploit from functioning..."

 

Related: http://www.fireeye.com/blog/technical/cyber-exploits/2013/02/in-turn-its-pdf-time.html

Feb 13, 2013 - "... In response to the many requests we've received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time."

 

- https://isc.sans.edu/diary.html?storyid=17642

Last Updated: 2014-02-14 04:11:27 UTC

___

 

- http://www.securitytracker.com/id/1029765

> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0322

Feb 14 2014

Impact: Execution of arbitrary code via network, User access via network

Vendor Confirmed: Yes

Description: ... A specific exploit is active that targets version 10 but -exits- if Microsoft's Experience Mitigation Toolkit (EMET) is detected...

This vulnerability is being actively exploited...

FireEye reported this vulnerability.

Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: No solution was available at the time of this entry...

 

:ph34r::ph34r:
