Researchers reveal attack code for new IE zero-day

View previous topic View next topic Go down

Researchers reveal attack code for new IE zero-day

Post by DarthTrader on 22/12/2010, 17:13

http://www.computerworld.com/s/article/9202001/Researchers_reveal_attack_code_for_new_IE_zero_day
Microsoft investigates unpatched IE vulnerability, exploit that bypasses ASLR and DEP on Windows 7

By Gregg Keizer
December 22, 2010 06:43 AM ET

Computerworld - Security researchers have released attack code that exploits an unpatched bug in Microsoft's Internet Explorer (IE) and sidesteps defenses baked into Windows 7.

Microsoft said it was looking into the vulnerability.

"Microsoft is investigating new public claims of a possible vulnerability in Internet Explorer," said Dave Forstrom, the director of Microsoft's Trustworthy Computing group, in statement. "We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."

The bug first surfaced earlier this month when French security firm Vupen announced it had uncovered a flaw in IE's HTML engine that could be exploited when the browser processed a CSS (Cascading Style Sheets) file that included "@import" rules. The @import rules let Web designers add external style sheets to an existing HTML document.
[...]
Unlike some other recent IE bugs, this one can be exploited on the newest browser, IE8, running on Microsoft's newest OS, Windows 7, by defeating the latter's DEP (data execution prevention) and ASLR (address space layout randomization) anti-exploit defenses.
[...]

DarthTrader
Member
Member

Posts : 21
Join date : 2010-07-28

View user profile

Back to top Go down

Re: Researchers reveal attack code for new IE zero-day

Post by p2u on 24/12/2010, 12:25

DarthTrader wrote:Researchers reveal attack code for new IE zero-day
I've seen some samples of code. Yes, it's impressive. Even DEP, ASLR and other over-hiped 'security' solutions are powerless against it, but I've finally decided to ignore such articles. Security researchers tend to reveal too much for comfort if you ask me, and mostly for self-serving purposes. Marcus Ranum wrote a nice rant about it: The motives behind vulnerability disclosure

Paul

p2u
Valued Member
Valued Member

Posts : 211
Join date : 2010-12-14

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum