Posts Tagged ‘0-day vulnerability’

New Vulnerabilities

0day-exploit for Internet Explorer

Microsoft warns users of Internet Explorer, what the attackers began to exploit a new previously unknown 0-day vulnerability in browser IE 6-10.

Now specialists are working on the release of the patch, which will included in automatic updates. But the danger is so great that people are asked to self-install the patch Fix It, which released an emergency basis. Before you install it you need to install the September patch KB2870699.

Vulnerability CVE- 2013-3893 refers to the browser Microsoft Internet Explorer 6-10 under all versions of the OS, other than Server Core, and allows for remote code execution. According to the official description, the failure is due to improper browser access to an object in memory that has been deleted or incorrectly placed. Exploit the remote execution of code means that an attacker can install malicious software on your computer, just pointing it on outside web page (the attack drive-by). (more…)

Secunia logoSecunia accidentally published a 0-day exploit in an open mailing list

The Danish company Secunia, which specializes in gathering information about the vulnerabilities in different software products, accidentally sent the  letter to the open mailing list with the description of 0-day vulnerability and exploit.

Yesterday Secunia has officially apologized for the incident and explained that the error was due to the activation of the auto-complete email program. Head of Department Advisory Team named Chaitanya Sharma instead of sending a personal letter to the author exploit sent a letter to a public mailing list. (more…)

Hackers attackGroup IB researchers discovered a vulnerability in Adobe Reader X and XI, which is actively exploited by hackers.

Experts of Group IB discovered a vulnerability in Adobe Reader version X and XI, which is actively exploited by virus writers. This vulnerability allows a remote user to execute arbitrary code on the target system, for which the victim to open a specially crafted PDF file in a browser or Adobe Reader.

According to researchers, this vulnerability is exploited in some versions of banking Trojans, such as Zeus, Spyeye, Carberp, Citadel. Cost to exploit this vulnerability is estimated between $ 30,000 to $ 50,000.

“Successful exploitation of this vulnerability requires special conditions: for example, to implement the unauthorized execution of arbitrary code, you must close the Internet browser or restart it, – said the director of international projects, audit and consulting Group-IB Andrey Komarov. – Another option is to initialize the exploitation of interaction with the user, according to which the victim required to approve any action in the context of an open document, and then execute the malicious code. ” (more…)

internet explorer logoIn the public domain already has two options to exploit the vulnerability of non-elimination, which is actively exploited by hackers.

A newly discovered vulnerability in Microsoft Internet Explorer, which affects versions 7, 8 and 9 is used by hackers to install a Trojan application Poison Ivy on users’ systems. At the moment in the public domain are 2 options to exploit the vulnerability, available as a module for Metasploit Framework. The vulnerability was first reported on September 14, when security researcher Eric Romang (Eric Romang) said in his blog that he had found an exploit for a previously unknown vulnerability in Internet Explorer. According to the expert, he studied the compromised servers that used the hacker group members Nitro. (more…)