Beware, new vulnerability in Internet Explorer

Researchers at the security company FireEye have identified a new zero-day exploit, discovered on a hacked website.

This exploit targets English versions of Internet Explorer 7 and 8 on Windows XP and IE8 on Windows 7. FireEye says its analysis shows that the vulnerability affects IE 7, 8, 9 and 10.

The security company did not report whether IE10 on Windows 8 is affected, or whether it tested the new IE11 browser.

There are two vulnerabilities involved in the attack. The first is an information disclosure vulnerability, which the exploit uses to retrieve the timestamp from the PE headers of msvcrt.dll (part of the Microsoft Visual C++ runtime). The second is an out-of-bounds memory access vulnerability used to run code.

Many versions of msvcrt.dll are in distribution, so the exploit sends the timestamp back to the attacker's server, which returns an out-of-bounds exploit tailored specifically to that user.

According to FireEye, the exploit includes a "ROP chain". ROP stands for return-oriented programming, a technique that is usually blocked by Address Space Layout Randomization (ASLR), which has been present since Windows Vista.

FireEye is currently working with Microsoft to solve the problem. The report states that the vulnerability can be mitigated by using Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 4.0. Given the obvious emphasis on msvcrt.dll, be careful, as you may have copies of multiple versions of this DLL on your system.
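To find out which msvcrt.dll builds are present on a system, the added example below (not part of the original article or of FireEye's report) reads the TimeDateStamp field from each copy's PE header, the field the article says distinguishes the DLL versions. The function names are illustrative, and `build_sample` produces a constructed header for demonstration, not a real DLL.

```python
import struct
import sys
from datetime import datetime, timezone
from pathlib import Path

def pe_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp of a PE image; raise ValueError if malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    # e_lfanew at offset 0x3C is the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or out-of-range PE signature")
    # COFF header after the signature: Machine(2), NumberOfSections(2), TimeDateStamp(4).
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp

def inventory(root, name="msvcrt.dll"):
    """Map each distinct timestamp to the paths of the DLL copies that carry it."""
    found = {}
    for path in Path(root).rglob("*"):
        if not (path.is_file() and path.name.lower() == name):
            continue
        try:
            with open(path, "rb") as fh:
                # The headers sit at the start of the file; 4 KiB is enough.
                stamp = pe_timestamp(fh.read(4096))
        except (OSError, ValueError):
            continue  # unreadable or not a valid PE file: skip it
        found.setdefault(stamp, []).append(str(path))
    return found

def build_sample(stamp: int) -> bytes:
    """Constructed minimal MZ/PE header for demonstration (not a loadable DLL)."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x014C, 0, stamp, 0, 0, 0, 0x2102)
    return bytes(dos) + b"PE\0\0" + coff

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for stamp, paths in sorted(inventory(root).items()):
        when = datetime.fromtimestamp(stamp, timezone.utc).isoformat()
        print(f"{stamp:#010x}  {when}")
        for p in paths:
            print("    " + p)
```

Pass the directory to scan as the first argument; more than one timestamp in the output means several builds of the DLL are installed.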

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
