Posts Tagged ‘0-day exploit’

New Vulnerabilities

0day-exploit for Internet Explorer

Microsoft warns users of Internet Explorer, what the attackers began to exploit a new previously unknown 0-day vulnerability in browser IE 6-10.

Now specialists are working on the release of the patch, which will included in automatic updates. But the danger is so great that people are asked to self-install the patch Fix It, which released an emergency basis. Before you install it you need to install the September patch KB2870699.

Vulnerability CVE- 2013-3893 refers to the browser Microsoft Internet Explorer 6-10 under all versions of the OS, other than Server Core, and allows for remote code execution. According to the official description, the failure is due to improper browser access to an object in memory that has been deleted or incorrectly placed. Exploit the remote execution of code means that an attacker can install malicious software on your computer, just pointing it on outside web page (the attack drive-by). (more…)

Secunia logoSecunia accidentally published a 0-day exploit in an open mailing list

The Danish company Secunia, which specializes in gathering information about the vulnerabilities in different software products, accidentally sent the  letter to the open mailing list with the description of 0-day vulnerability and exploit.

Yesterday Secunia has officially apologized for the incident and explained that the error was due to the activation of the auto-complete email program. Head of Department Advisory Team named Chaitanya Sharma instead of sending a personal letter to the author exploit sent a letter to a public mailing list. (more…)

Malware Trojan HorseWhen a system compromise Trojan.Rodricter virus exploits a vulnerability CVE-2012-4681.

The company “Doctor Web” reports on the distribution of malware Trojan.Rodricter, which at breaking the system exploits a vulnerability CVE-2012-4681 in the JRE. Recall that on 26 August, the company FireEye, Atif Mushtaq announced the active exploitation of this vulnerability. The expert also noted that in the near future to exploit vulnerabilities in Java will become widely available, and the attackers are very actively using it. Total overnight company Rapid 7 introduced a module exploit platform Metasploit. This module exploits a vulnerability in JRE for the latest versions of browsers Mozilla Firefox, Internet Explorer, and Safari on platforms Linux, Windows and Macintosh. Owner of Oracle JRE took 4 days to release an update that will eliminate this vulnerability. (more…)