<<<
NEWS FROM THE LAB - Tuesday, September 18, 2012
>>>
 

 
Internet Explorer Zero-Day and Safe Browsing Posted by Karmina @ 14:36 GMT

The people behind the Java zero-day CVE-2012-4681 have been busy. It was only a few weeks ago that the Java vulnerability was made public and now they have again discovered a hole in Internet Explorer versions 6, 7, 8 and 9.

A code exploiting this vulnerability has been discovered in the wild wherein the malicious webpage loads a flash file that causes a heap spray to load another file. After which this other file will check for the exploitable IE versions and trigger the vulnerability which leads to the download of a malicious payload. The exploitation is discussed here in detail.

Microsoft has responded and released an advisory for this. However, they did not yet specify an ETA for the fix.

We have released these detections for samples related to the exploit that targets this vulnerability:

Exploit:W32/Defeater.B
Exploit:W32/Defeater.C
Exploit:W32/SWFdloader.R
Trojan.Dropper.UIU

However, given that the code is already very visible as there's now a metasploit module, we strongly suggest to not solely rely on those detections but to also be vigilant in further protecting yourselves from other possible implementations. It used to be that when it's IE and zero-day, all the alarm bells sound off and the administrators helplessly panic at a possible outbreak that may be caused by an exploitation. However, times have changed and there are now more options out there for anyone. While the vulnerability has not yet been patched, please use a different browser. You can take a pick from Chrome, Firefox or Internet Explorer 10 for now.

IE 10 is not affected with this vulnerability.