Yet another IE 0-day found

Started by Gary, Nov 11, 2013, 17:18:17

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Gary

Nov 11, 2013, 17:18:17
Security researchers have discovered new zero-day vulnerabilities in Internet Explorer that are already being harnessed by hackers to run a new type of drive-by attack.

FireEye, the security firm that discovered the attack method, said that the flaw is present in various versions of Internet Explorer 7, 8, 9 and 10, while running Windows XP or Windows 7.

"The exploit leverage's a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution," FireEye explains. "It is one vulnerability being exploited in various different ways."

The IE flaw is unpatched and separate from the TIFF image-handling zero-day vulnerability that surfaced late last month – which is also under active attack.


Not a good few months for IE

http://www.theregister.co.uk/2013/11/11/ie_0day_menace/
Damned, if you do damned if you don't

stevenrw

#1
Nov 12, 2013, 22:46:27
They have also just disabled Gadgets on Windows 7, again apparently due to security vulnerabilities. Which means that the really useful ones I had (clock, calendar, weather and of course the really good IDNet bandwidth usage monitor) either don't display at all or do not display properly.
Thanks guys. Nice. I really liked those.

Simon

#2
Nov 12, 2013, 23:28:56
 :slap:
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.
Print
Go Up Pages1
User actions