1 Replies - 1092 Views - Last Post: 01 May 2014 - 10:22 AM

#1 jon.kiparsky  Icon User is offline

  • Pancakes!
  • member icon


Reputation: 7621
  • View blog
  • Posts: 12,849
  • Joined: 19-March 11

Latest IE Vulnerability - any further info?

Posted 01 May 2014 - 10:05 AM

https://technet.micr...tm_medium=email

Looking at this announcement, there's not a lot of detail about the mode of attack. Anyone got any further details? Boss is wondering how to figure out if we're vulnerable.
Is This A Good Question/Topic? 0
  • +

Replies To: Latest IE Vulnerability - any further info?

#2 modi123_1  Icon User is online

  • Suitor #2
  • member icon



Reputation: 9047
  • View blog
  • Posts: 33,959
  • Joined: 12-June 08

Re: Latest IE Vulnerability - any further info?

Posted 01 May 2014 - 10:22 AM

Quote

The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory has been released -- and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.

Quote

An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.

"The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft said. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

http://www.cnet.com/...versions-of-ie/


.. and this
http://threatpost.co...zero-day/105799
Was This Post Helpful? 1
  • +
  • -

Page 1 of 1