SHARE


A shocking news is coming for internet explorer users that a Zero-Day Vulnerability in Internet Explorer versions 7, 8 and 9 has been founded by a security researchers and it is affecting XP, Vista and Windows 7 also, so we are advising you that stop using internet explorer browser for some time until a patch for this vulnerability has been released by

Microsoft.


Eric Romang who has discovered a “/public/help” folder on the servers which was infected. In this he discovered One Flash File (.swf), two html page (Protect.html and exploit.html) and an exe file also founded by him.











When exploit.html page had been opened by him, it loaded the flash file which in turn loads the other two html page and together they help drop the executable file on the Victim’s computer.


After that a Metasploit Module has been developed byMetasploit team immediately, this module exploits vulnerability found in Microsoft Internet Explorer. When rendering an HTML page, the CMshtmlEd object gets deleted in an unexpectedly matter, but the same memory is reused again later in aCMshtmlEd::Exec() function, which causes an use-after-free condition. 


Our advice- Wait for the Patch from Microsoft for this.


Video related to this



NO COMMENTS

LEAVE A REPLY

This site uses Akismet to reduce spam. Learn how your comment data is processed.