A Security researcher has come across a new zero-day IE exploit while analyzing a malware page that was being used to exploit Java vulnerabilities. According to Metasploit team, the Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7 are vulnerable to this attack.
Eric Romang has discovered a “/public/help” folder on one of the infected servers . He found one flash file(.swf) , two html page (protect.html,exploit.html) and exe file.
When he opened the exploit.html page, it loads the flash file ,which in turn loads the other HTML page( protect.html). Together, they help drop the executable on to the victim's computer.
Metasploit team immediately developed Metasploit module for this exploit. According to Metasploit researchers, the exploit, which had already been used by malicious attackers in the wild before it was published in Metasploit, is affecting about 41% of Internet users in North America and 32% world-wide.
Since Microsoft has not released a patch for this vulnerability yet,we advice IE users to switch to other browser until a security update becomes available
Eric Romang has discovered a “/public/help” folder on one of the infected servers . He found one flash file(.swf) , two html page (protect.html,exploit.html) and exe file.
When he opened the exploit.html page, it loads the flash file ,which in turn loads the other HTML page( protect.html). Together, they help drop the executable on to the victim's computer.
Metasploit team immediately developed Metasploit module for this exploit. According to Metasploit researchers, the exploit, which had already been used by malicious attackers in the wild before it was published in Metasploit, is affecting about 41% of Internet users in North America and 32% world-wide.
Since Microsoft has not released a patch for this vulnerability yet,we advice IE users to switch to other browser until a security update becomes available
0 comments:
Post a Comment