Tag: internet explorer

  • Paper: The journey and evolution of God Mode in 2016: CVE-2016-0189

    While avoiding the use of Flash is good advice for helping to fend off exploit kits, some of the vulnerabilities exploited by these kits actually target the browsers themselves. An important example of this is CVE-2016-0189, which affects Microsoft’s Internet Explorer browser versions 9 through 11. First discovered in the wild in targeted attacks…

  • VB2014 paper: Ubiquitous Flash, ubiquitous exploits and ubiquitous mitigation

    Chun Feng and Elia Florio analyse two Flash Player vulnerabilities and an IE one where Flash provides a helping hand. Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we have added ‘Ubiquitous Flash, ubiquitous exploits and…

  • Microsoft offers fix-it for IE 8 zero-day

    CVE-2013-1347 used in watering hole attacks. Following this weekend’s discovery of a new zero-day vulnerability in version 8 of Microsoft’s Internet Explorer browser, the company has released a ‘fix-it’ that addresses the known attack vectors. Last week (ironically on Labour Day), researchers at AlienVault discovered that the website of the US Department of Labor…

  • Internet Explorer zero-day used in the wild

    Dropped PoisonIvy trojan linked to ‘Nitro’ attacks. Security researcher Eric Romang has discovered a new zero-day vulnerability in Internet Explorer that is currently being used in the wild by the ‘Nitro’ gang. The attack, which is probably used in a drive-by download attack, starts with an HTML file that does some preparatory work…

  • Hefty Patch Tuesday bulletin rounds off bumper year

    No sign of an end to vulnerability glut. Microsoft released its monthly Patch Tuesday security bulletin yesterday, with details of a hefty 17 alerts covering 40 separate vulnerabilities. Although only two of this month’s haul were marked as ‘Critical’, many others could be used to launch malicious attacks on vulnerable systems. The Critical alerts included…

  • IE zero-day bug fixed in Patch Tuesday updates

    Serious browser bug main feature of monthly alerts, Adobe Flash issue also patched. Microsoft has released the December Patch Tuesday security bulletin, with a total of six alerts. The most significant issue covered is a serious vulnerability in the Internet Explorer browser software. Three of the six bulletins were marked as ‘Critical’, with vulnerabilities in…

  • Patch Tuesday brings little relief from browser exploits

    Six fixes issued, but new IE zero day emerges along with Firefox flaw. Microsoft has issued its monthly ‘Patch Tuesday’ security update, with some serious browser flaws patched, but a new IE zero-day has been seen being exploited in the wild, and Firefox users have also been warned about a serious vulnerability. The Patch Tuesday…

  • Another IE zero day exploited

    Second DirectShow vulnerability in six weeks labelled ‘extremely critical’. Microsoft has issued an advisory on a serious vulnerability in an ActiveX control in its Internet Explorer browser, the second zero-day alert in the same area of the product in recent months. The issue has been flagged as ‘extremely critical’ by vulnerability watchers at Secunia,…

  • IE fixed as usual in Patch Tuesday release

    Browser should be treated as special case, say some. The February ‘Patch Tuesday’ security bulletin from Microsoft this week contained four patches, two of them marked ‘Critical’, of which one was a ‘cumulative’ set of fixes for a selection of problems with the Internet Explorer browser. With flaws in the ubiquitous web-surfing tool a regular…