0-day vulnerability in Internet Explorer 6, 7 and 8

0-day vulnerability in Internet Explorer 6, 7 and 8
Microsoft just published an advisory about a critical security vulnerability in all versions of Internet Explorer (apart from 5 – but no one has that around anymore, right?). While all versions of Internet Explorer are affected, the risk for everyone running Internet Explorer 8 is lower since it has DEP (Data Execution Prevention) enabled by default. DEP makes exploitation of this vulnerability more difficult so as a temporary workaround you might want to enable it for older IEs (keep in mind that it might break some add-ons). Microsoft says that so far they only saw exploits against Internet Explorer 6. In a related post (here) McAfee said that this vulnerability was (one of those) used to compromise Google. So, it appears that it was maybe even a cocktail of 0-day exploits used (IE + Adobe). -- Bojan INFIGO IS I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Pen Test Hackfest Europe 2022 - Berlin	Bojan 402 Posts ISC Handler Jan 14th 2010
Thread locked Subscribe	Jan 14th 2010 1 decade ago
So if I were a bad guy, I'd post a malware laden website for Haitian donations, and exploit this latest IE vulnerability...but hey, what's the chances of somebody doing this, hah! Never happen right?	Anonymous
Quote	Jan 15th 2010 1 decade ago
The exploit is live and in the wild. Here is a video of it being used via Metasploit: http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/	Anonymous
Quote	Jan 16th 2010 1 decade ago
Firefox and NoScript more than handle this. Interestingly enough, both France and Germany have recommended their citizens switch from IE to an alternative browser; it looks like tech guys aren't the only ones expecting a massive fallout over this.	computerfreaker 4 Posts
Quote	Jan 18th 2010 1 decade ago