Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
09-18-2012, 09:50 PM, (This post was last modified: 09-18-2012, 10:16 PM by h3rm35.)
#1
Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
Original URL: http://www.theregister.co.uk/2012/09/17/yet_another_explorer_zero_day/
Users told: Get rid of Internet Explorer (again)
It’s more like an exploit than a browser
[Image: internet_explorer_on_fire.jpg]
By Richard Chirgwin
Posted in Security, 17th September 2012 22:17 GMT

Internet Explorer users have been told to ditch the application and switch to another browser, pronto.

The warning comes from Rapid7, which describes a hole that’s exploitable by visiting a malicious Website (and, of course, in the world of Twitter and shortened URLs, it’s so much easier to get users to visit such sites).

Visiting a malicious site gives the attacker the same privileges as the current user, according to Rapid7’s post, here [1]. Although the published exploit targets XP, Rapid7 says the attack works on IE 7 through 9 running on XP, Vista and Windows 7.

The discoverer of the exploit, Eric Romang, says [2] the zero-day drops a file, Exploit.html, on the target. This, in turn, creates files with img and swf suffixes, which IE treats as Flash.

Romang claims the exploit was created by the same group – Nitro – that recently released [3] a Java zero-day into the wild.

Rapid7’s HD Moore, also chief architect of Metasploit, told [4] Ars that he’s surprised to see the exploit work across Windows Vista and 7: “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS”, he said. The attack bypasses ASLR – address space layout randomization – that’s meant to help defend the newer operating systems against attack.

Microsoft is looking at the exploit now, and has stated that it will “take the necessary steps” once it has a fix ready. ®
Links

https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit
http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/
http://www.theregister.co.uk/2012/08/31/nitro_hackers_abuse_java_exploit/
http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-internet-explorer/
[Image: conspiracy_theory.jpg]
Reply
09-18-2012, 11:14 PM, (This post was last modified: 09-18-2012, 11:14 PM by Anarchist.)
#2
RE: Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
[Image: mozilla-and-chrome-mr-wrong.jpg]

[Image: browser-wars.jpg]

That last one pretty much sums up my opinion on IE.
Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin slitting throats. - Henry L. Mencken

I believe that it is better to tell the truth than a lie. I believe it is better to be free than to be a slave. And I believe it is better to know than to be ignorant. - Henry L. Mencken
Reply
09-18-2012, 11:25 PM,
#3
RE: Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
Where's Opera?
Reply
09-18-2012, 11:54 PM,
#4
RE: Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
[Image: Firefox-vs-Explorer-vs-Opera-vs-Chrome.jpg]
Every normal man must be tempted at times to spit on his hands, hoist the black flag, and begin slitting throats. - Henry L. Mencken

I believe that it is better to tell the truth than a lie. I believe it is better to be free than to be a slave. And I believe it is better to know than to be ignorant. - Henry L. Mencken
Reply
04-09-2013, 10:26 PM,
#5
RE: Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
"Internet Explorer: The #1 browser to use to download a different browser."
Reply
04-20-2013, 03:49 PM,
#6
RE: Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
The title is priceless. I havent use IE since my last format, like 9 months ago. The process go like this "www.google.com / Search: Chrome / Download & Install Chrome / Set Chrome default / IE?"
Reply
04-20-2013, 04:06 PM,
#7
RE: Get rid of Internet Explorer (again) - It’s more like an exploit than a browser
Funny. Thanks.
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Alternatives to the internet shortwave 32 8,825 04-23-2014, 08:58 PM
Last Post: CharliePrime
Exclamation Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet temp9 7 2,392 04-10-2014, 03:36 PM
Last Post: temp9
  Free Google internet access Orwell63 4 1,191 12-17-2013, 12:17 AM
Last Post: Watchdog
  Snowden Files: NSA and GCHQ Target TOR Web Browser mexika 0 528 10-04-2013, 11:08 PM
Last Post: mexika
  Internet Storm Center Status JFK 0 1,068 09-24-2013, 01:26 PM
Last Post: JFK
  Clover: Windows Explorer with Tabs (freeware) thokling 0 664 04-08-2013, 03:50 PM
Last Post: thokling
  Web wipeout: Syria suffers nationwide internet blackout zoverload 1 674 11-29-2012, 06:46 PM
Last Post: FastTadpole
  Malware may knock thousands off the internet on Monday zoverload 0 599 07-06-2012, 04:03 PM
Last Post: zoverload
  DNSSEC: the internet's International Criminal Court? h3rm35 3 2,933 04-27-2012, 10:10 AM
Last Post: FastTadpole
  Security slackers risk Internet blackout on March 8 Frank2 0 795 02-23-2012, 09:55 PM
Last Post: Frank2

Forum Jump:


Users browsing this thread: 1 Guest(s)