HP researchers published a zero day exploit που μπορεί να χρησιμοποιηθεί για επιθέσεις σε μια αδυναμία του Internet Explore. The researchers published the exploit after Microsoft refused to issue a patch.
In a post on the company's blog, Dustin Childs, HP's senior security content developer, said the exploit publishing move could be considered "bad," but he followed the disclosure policy.
"Microsoft has confirmed to us that it does not intend to release a patch for the security breach, and we felt the need to release the information to the public," said Childs.
The bug allows an attacker to bypass the Address Space attribute layout Randomization (ASLR), το οποίο ενεργεί ως μία από τις πολλές γραμμές άμυνας στο δημοφιλές πρόγραμμα περιήγησης.
Zero day exploit affects only 32-bit systems, but HP researchers said the error still affects millions of systems, even if most of them are now 64-bit.
Childs, who reported the error to Microsoft, said the response from the company was "technically correct." He thus punished the company's decision not to correct the error.
The HP Team even a PoC was released which proves that the error exists in the Windows 7 and 8.1.
