Attack code posted for new IE zero-day vulnerability

Summary:Microsoft is investigating claims of a new zero-day vulnerability that leaves Internet Explorer browser users wide open to remote code execution attacks.

Microsoft is investigating claims of a new zero-day vulnerability that leaves Internet Explorer browser users wide open to remote code execution attacks.

Exploit code for the vulnerability has been added to the Metasploit tool and a video has been posted to provide a demo of the severity.

Here's a brief description of the issue from VUPEN:

follow Ryan Naraine on twitter

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a use-after-free error within the "mshtml.dll" library when processing a web page referencing a CSS (Cascading Style Sheets) file that includes various "@import" rules, which could allow remote attackers to execute arbitrary code via a specially crafted web page.

VUPEN has confirmed this vulnerability with Microsoft Internet Explorer 8 on Windows 7, Windows Vista SP2 and Windows XP SP3, and with Internet Explorer 7 and 6 on Windows XP SP3.

Metasploit's exploit code provides some more information:

This module exploits a memory corruption vulnerability within Microsoft HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution.

According to the video posted by Abysssec Security Research, the exploit bypasses two key Windows anti-exploit mitigations (DEP and ASLR) without the use of any third party extensions.

There are reports that the vulnerability was first published on a Chinese security blog.

Topics: Operating Systems, Browser, Microsoft, Security, Software, Software Development, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.