IE Zero-Day Vulnerability Exploiting msvcrt.dll, (Sat, Nov 9th)

FireEye Labs has discovered an "exploit that leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution." [1] Based on their analysis, it affects IE 7, 8, 9 and 10.

According to Microsoft, the vulnerability can be mitigated by EMET.[2][3] Additional information on FireEye Labs post available here.


[1] http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html
[2] https://isc.sans.edu/forums/diary/EMET+40+is+now+available+for+download/16019
[3] http://www.microsoft.com/en-us/download/details.aspx?id=39273

———–

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.

CyberSafe-WP-Admin