Romang and together, and pretty soon we had a working exploit. The Metasploit team has had the pleasure to work with Mr. Because last weekend, our fellow researcher and Metasploit contributor Eric Romang just spotted another 0-day, possibly from the same group, exploiting a Microsoft Internet Explorer use-after-free vulnerability. You'd think the 0-day attack from the same malicious group might cool down a little after that incident. Here's the back story: Some of you may remember that a couple of weeks ago, the Metasploit exploit team released a blog regarding a new Java exploit ( CVE-2012-4681), with a blog entry titled " Let's Start the Week with a New Java 0day in Metasploit". We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter). The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available.
Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7.
0 kommentar(er)
