ID :IRCNE2013011720
Date: 2013-01-08
According to ZDnet, a team of researchers at Exodus Intelligence say they have cracked the temporary fix released by Microsoft for a zero day exploit found in Internet Explorer.
The security researchers at the firm say that they have managed to beat Microsoft's "Fix It" solution, which was recently released as a temporary measure. The original vulnerability came to light several weeks ago and is able to infiltrate various versions of Internet Explorer.
Security researcher Eric Romang originally found four files while stumbling around a compromised server; an executable, a Flash Player movie and two HTML files called exploit.html and protect.html. Together, when a user visits the exploit.html page, it loads the Flash movie, which in turn loads the other HTML page. Afterwards, the executable is dropped on to the victim's computer, which allows cyberattackers to drop any file they wish on to the machine and take control via malware or bots.
The vulnerability occurs in the way IE accesses an object in memory which may be corrupted, either due to memory deletion or improper allocation, which then gives an attacker access with user privileges.
Exodus will not release specific details of its crack until Microsoft has patched the vulnerability, but if white-hat researchers have already managed to crack the code, then there is no reason to believe malware coders have not already done so.
Related Topics
Microsoft issues fix for IE flaw that could allow PC hijack
- 2