Many exploits has been discovered these days that affects many services and now it is for Internet Explorer. Recently four zero-day exploits has been revealed for Internet Explorer by Hewlett-Packard.
HP's Zero-Day Initiative (#ZDI) has disclosed four exploits in Internet Explorer that could be exploited by any attacker that can be used to execute malicious code on victim's machine.
Zero-Day exploit means any exploit that has been discovered that is not even known to the developer or service provider. These four exploits also affects Internet Explorer Mobile on Windows Phones as well.
The four exploits are
#ZDI-15-359 : AddRow Out-Of-Bounds Memory Access Vulnerability.
#ZDI-15-360 : Use-After-Free Remote Code Execution Vulnerability.
#ZDI-15-361 : Use-After-Free Remote Code Execution Vulnerability.
#ZDI-15-362 : Use-After-Free Remote Code Execution Vulnerability.
The most critical vulnerability is the first one that affects the way Internet Explorer handles some specific arrays. Another bug is handling #CAttrArray objects. It allows attacker to manipulate document's element.
The last two are similar and they are in mishandling #CTreePos and #CCurrentStyle objects in some situations.
The four bugs has been reported to Microsoft and they has fixed the bugs but the flaws remain open in Internet Explorer Mobile.
P.S : The post is to create awareness and not to be misused.
No comments:
Post a Comment