Tag Archives: zero days

Emergency Microsoft Security Advisory (2887505) – Vulnerability in Internet Explorer Could Allow Remote Code Execution

Microsoft has released the emergency advisory ‘Vulnerability in Internet Explorer Could Allow Remote Code Execution’ for a zero-day vulnerability that hackers have exploited in IE versions 8 and 9 on Windows XP and Windows 7. The advisory follows Microsoft's investigation of public reports of the vulnerability. The vulnerability affects “all supported versions of its browser (IE6, IE7, IE8, IE9, IE10, and IE11)” (Emil Protalinski, 2013).

Zero-day vulnerabilities, also known as zero-day attacks, are software holes or backdoors that are not known to the vendor, meaning that the attack occurs on ‘day zero’ of reaction to the exposure. The developers will have had zero days to address and patch the vulnerability.

The company has found that the flaw could potentially affect all supported versions, although it says that running “modern versions” of IE has the advantage of additional security features that can help prevent successful attacks. The flaw in question makes remote code execution possible if you browse to a website containing malicious content for your specific browser type (an attacker can either compromise a regularly frequented and trusted site or convince the user to click a link in another application).

Zero-Day Used In Targeted Email Attacks on Adobe Flash

A dangerous zero-day Flash attack revealed yesterday by Adobe, and patched along with other flaws in the application, is the dreaded and relatively rare universal cross-site scripting (XSS) threat. The vulnerability was spotted being exploited in the wild in targeted, email-based attacks.

Universal XSS attacks spread via browsers or plug-ins, so they can affect any website, regardless of whether it harbors inherent XSS flaws. Adobe’s patch for the flaw was issued late yesterday, one day after it had issued updates for Acrobat and Reader in its regularly scheduled patch release.