Attack code posted for new IE zero-day vulnerability

Microsoft is investigating claims of a new zero-day vulnerability that leaves Internet Explorer browser users wide open to remote code execution attacks.

Exploit code for the vulnerability has been added to the Metasploit tool and a video has been posted to provide a demo of the severity.

Here's a brief description of the issue from VUPEN:

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a use-after-free error within the "mshtml.dll" library when processing a web page referencing a CSS (Cascading Style Sheets) file that includes various "@import" rules, which could allow remote attackers to execute arbitrary code via a specially crafted web page.

VUPEN has confirmed this vulnerability with Microsoft Internet Explorer 8 on Windows 7, Windows Vista SP2 and Windows XP SP3, and with Internet Explorer 7 and 6 on Windows XP SP3.

Metasploit's exploit code provides some more information:

This module exploits a memory corruption vulnerability within Microsoft HTML engine (mshtml). When parsing an HTML page containing a recursive CSS import, a C++ object is deleted and later reused. This leads to arbitrary code execution.

According to the video posted by Abysssec Security Research, the exploit bypasses two key Windows anti-exploit mitigations (DEP and ASLR) without the use of any third-party extensions.

There are reports that the vulnerability was first published on a Chinese security blog.
