Posts Tagged ‘internet explorer’

New Vulnerabilities

0day-exploit for Internet Explorer

Microsoft warns users of Internet Explorer, what the attackers began to exploit a new previously unknown 0-day vulnerability in browser IE 6-10.

Now specialists are working on the release of the patch, which will included in automatic updates. But the danger is so great that people are asked to self-install the patch Fix It, which released an emergency basis. Before you install it you need to install the September patch KB2870699.

Vulnerability CVE- 2013-3893 refers to the browser Microsoft Internet Explorer 6-10 under all versions of the OS, other than Server Core, and allows for remote code execution. According to the official description, the failure is due to improper browser access to an object in memory that has been deleted or incorrectly placed. Exploit the remote execution of code means that an attacker can install malicious software on your computer, just pointing it on outside web page (the attack drive-by). (more…)

Security Patches

Security Patches

Adobe and Microsoft on Tuesday released monthly updates for its software, eliminating  a number of critical vulnerabilities and bugs in the code for the their popular products.

Adobe Systems eliminated vulnerabilities in their three popular sets – Coldfusion, Flash and Shockwave. For Flash update is available for operating systems Windows, Mac OS X and Linux, mobile version of the updated player was also released for the operating system Android. According to Adobe, update fixes vulnerabilities in the four points of the product. (more…)

internet explorer logoMicrosoft has released an emergency fix for browser Internet Explorer, which has been fixed a vulnerability exploited by hackers on the Internet to break into computers.

Error is in the older versions of the browser, the latest IE 10 is not affected by the problem. According to the company, the problem is fixed in the code of Internet Explorer 6, 7 and 8. The company said about first problem on Saturday, promising as soon as possible to release a fix.

In the anti-virus company Symantec said that already committed a wave of attacks that exploit the vulnerability. In attacks malefactors try to place a malicious code of Bitfrose which first representatives appeared in 2004 on attacked computers. Bitfrose is the backdor allowing the organizer of attack to abduct from the user computer various data. Now the most part of attacks with use of the last representative of Bitfrose is concentrated in the USA. (more…)

HackersUnidentified hackers posted on the compromised site exploit to a zero-day vulnerability in IE.

December 21 unknown hackers have carried out a successful attack on the website of the Council on Foreign Relations, United States (http://www.cfr.org) and posted on the site exploits a previously unknown vulnerability in Microsoft Internet Explorer.

First started talking about breaking only on December 27. Representative of the Council on Foreign Relations, David Mikhail said that the organization is aware of a security incident, and is being investigated.

December 28th the company FireEye blog published an analysis of malicious software that has been used by hackers. According to the analysis FireEye, attackers have used Adobe Flash for the preparation of dynamic memory on the system of the victim (heap spray) for the successful operation of a zero-day vulnerability in Microsoft Internet Explorer. The exploit has been designed for users who have a browser is the default put English, Chinese, Japanese, Korean or Russian. (more…)

Vulnerability

Vulnerabilities in Microsoft Internet Explorer

Vulnerability: Multiple vulnerabilities in Microsoft Internet Explorer

1. System compromise in Microsoft Internet Explorer

Danger: High
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2012-4787
Vector of operation: Remote
Impact: System Compromise

Affected Products: Microsoft Internet Explorer 9.x, Microsoft Internet Explorer 10.x

Affected versions: Internet Explorer 9.x, Internet Explorer 10.x

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

An error in the processing of incorrectly initiated or remote object in Ref Counting. The vulnerability allows a remote user to execute arbitrary code on the target system. (more…)

internet explorer logoAccording to a study web-browser from Microsoft three times surpassed its nearest rival Google Chrome.

The company NSS Labs has tested the popular web-browsers. It was found that the most secure browser was named Internet Explorer, which is being developed by Microsoft.

The experts found that IE better protect users from malware than other browsers. According to a study by research firm NSS Labs, web-browser IE three times surpassed its nearest rival Google Chrome. (more…)

internet explorer logoVulnerability: System compromise in Microsoft Internet Explorer

Danger: High
If the Patch: Yes
Number of vulnerabilities: 1
Impact: System Compromise
Affected Products:
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Affected versions: Microsoft Internet Explorer 8.x, 9.s (more…)

internet explorer logoTags: Internet Explorer, vulnerability, 0-day exploits

Users of Microsoft Internet Explorer versions 7, 8 and 9 is recommended as soon as possible to establish a temporary solution.

Microsoft has released a temporary solution to fix a critical vulnerability (CVE-2012-4969) in Microsoft Internet Explorer versions 7, 8 and 9. Browser users should promptly install it solution from the site manufacturer. (more…)

internet explorer logoIn the public domain already has two options to exploit the vulnerability of non-elimination, which is actively exploited by hackers.

A newly discovered vulnerability in Microsoft Internet Explorer, which affects versions 7, 8 and 9 is used by hackers to install a Trojan application Poison Ivy on users’ systems. At the moment in the public domain are 2 options to exploit the vulnerability, available as a module for Metasploit Framework. The vulnerability was first reported on September 14, when security researcher Eric Romang (Eric Romang) said in his blog that he had found an exploit for a previously unknown vulnerability in Internet Explorer. According to the expert, he studied the compromised servers that used the hacker group members Nitro. (more…)

internet explorer logoEric Romang discovered an exploit for IE on one of the servers that are used by participants hacker group Nitro.

Security researcher Eric Romang said in his blog that he had found an exploit for a previously unknown vulnerability in Internet Explorer. According to the expert, he studied the compromised servers that used the hacker group members Nitro.

In the director /public/help found 4 files (exploit.html, Moh2010.swf, Protect.html and 111.exe), which attracted the attention Romanga. All files have been opened on the test car with all-new OC Windows XP Professional Edition SP3, as well as the latest versions of Adobe Flash. The launch of these files has resulted in a system file was downloaded dropper. (more…)