New zero day vulnerability in IE allows remote code execution

28 Apr 2014

A new zero day vulnerability common to all Internet Explorer versions had been detected in the wild, Microsoft confirmed late Saturday.

Internet Explorer An advisory issued by Microsoft said, the vulnerability, which could allow remote code execution, was being used in "limited, targeted attacks." Security firm FireEye, which first reported the flaw Friday, said while all versions of the web browser, IE 6 through 11, were affected by the vulnerability, attacks were currently targeting IE versions 9, 10 and 11.

The company said the attack leveraged a previously unknown "use after free" vulnerability -- data corruption that occured after memory had been released -- and bypassed both Windows DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) protections.

CNET cited FireEye as saying the vulnerability was currently being exploited by a group of hackers targeting financial and defence organisations in the US.

FireEye said, the APT [advanced persistent threat] group responsible for the exploit had been the first group to have access to a select number of browser-based 0-day exploits (eg IE, Firefox, and Flash) in the past. FireEye added, they were extremely proficient at lateral movement and were difficult to track, as they typically did not reuse command and control infrastructure.

Meanwhile, Microsoft said in a security advisory that the critical flaw revolved around XP's Internet Explorer 6, 7 and 8 browsers.

"Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11," the software giant said.

The vulnerability could potentially allow an attacker to "execute arbitrary code" when the victim visited a specially crafted website.

According to a separate article in Computerworld, the bug might allow hackers to exploit an unpatched critical vulnerability in the IE with "drive-by" attacks.

After Microsoft officially retired XP on  8 April, the company would not be issuing patches any longer.

According to Computerworld, users of Windows XP machines, for now, could use the Enhanced Mitigation Experience Toolkit (EMET) 4.1, an anti-exploit utility available on Microsoft's website.