Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

0-day exploit for Internet Explorer in the wild


  • Please log in to reply
3 replies to this topic

#1 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:10 PM

Posted 11 December 2008 - 05:51 PM

http://isc.sans.org/diary.html?storyid=5458

Here are couple of updates regarding the latest 0-day.
As noted in Microsoft's advisory, Windows Server 2008 and Vista (both SP0 and SP1) are affected as well. The exploit for Windows Vista is publicly available now as well, but most malicious web sites still use the exploit I analyzed yesterday, so they are attacking only Windows XP and Windows 2003 machines.

It also appears that more attackers are now using this ..............................

EDIT: (Use link above for more info)
IE7 0day expanded to include IE6 and IE8(beta)
Published: 2008-12-12,
Last Updated: 2008-12-12 01:26:35 UTC
by Kevin Liston (Version: 1)
0 comment(s)

Microsoft has updated Security Advisory (961051) to include Microsoft Internet Explorer 6 and Windows Internet Explorer 8(beta).

This is the vulnerability discussed is these recent articles:

Edited by buddy215, 12 December 2008 - 07:28 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

BC AdBot (Login to Remove)

 


#2 Lloyd T

Lloyd T

  • Members
  • 853 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:01:10 PM

Posted 12 December 2008 - 04:30 PM

What's the patch for this?

#3 buddy215

buddy215
  • Topic Starter

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:10 PM

Posted 12 December 2008 - 04:41 PM

Do not use IE. Use another browser such as Firefox.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Lloyd T

Lloyd T

  • Members
  • 853 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:01:10 PM

Posted 12 December 2008 - 04:43 PM

I'm currently using Firefox 3. But my other computer is using IE7 (oh no!). Did Microsoft realese a patch for this yet? Can this vulnerability be exploited even if the application isn't running?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users