Wednesday, December 10, 2008

Fully patched Internet Explorer is Vulnerable, 0-Day again...

A remote exploit targeting fully patched IE (several versions) is available in the wild; the vulnerability is rated as critical.
VeriSign's iDefense security division reports that attack code was up for sale at prices of up to $15,000 through underground forums.


The exploit is available on http://milw0rm.com/exploits/7403
Real example of the exploit: http://milw0rm.com/sploits/2008-iesploit.tar.gz

Analysis by HD Moore:

Microsoft Official Advisory:

Snort Signatures:

List of sites exploiting this vulnerability:

Workaround:

The exploit is spreading:

The big picture:
Hackers are using mass SQL injection attacks to infect legitimate sites with malicious IFrame and JavaScript content. The injected content may redirect the user to a malicious site hosting the IE exploit, so visitors to those trusted sites will be infected. The exploit then drops different flavors of malware on the client PC.
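A site owner can look for the injected content described above in pages or stored database content. The following is an added example, not part of the original post: a Python check that lists iframe and script tags loading from hosts other than the site's own and marks the ones sized or styled to be invisible. The host names and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _EmbedCollector(HTMLParser):
    """Records iframe/script tags whose src points at another host."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs have no host; the site's own host and subdomains are skipped.
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append((tag, host, hidden))


def find_offsite_embeds(html, site_host):
    """Return [(tag, host, hidden)] for off-site iframe/script sources."""
    collector = _EmbedCollector(site_host)
    collector.feed(html)
    collector.close()
    return collector.findings


# Constructed sample: a product page with content appended to a database field.
SAMPLE_PAGE = """<html><body>
<h1>Product list</h1>
<script src="/js/site.js"></script>
<script src="http://cdn.shop.example/lib.js"></script>
<p>Blue widget<script src="http://injected.example.net/b.js"></script></p>
<iframe src="http://injected.example.net/x.htm" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, host, hidden in find_offsite_embeds(SAMPLE_PAGE, "shop.example"):
        print(f"{tag:7} {host:25} {'hidden' if hidden else 'visible'}")
```

Off-site scripts can be legitimate (analytics, ad networks), so the output is a list to review against the hosts the site is known to use, not a verdict.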
