Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: New IE zero-day attack reported

09 Nov 2013   #1
Brink
Microsoft MVP

64-bit Windows 10
 
 
New IE zero-day attack reported

Quote:
Researchers at network security company Fireeye have identified a zero-day exploit of Internet Explorer on a breached web site.

The specific exploit targets the English versions of Internet Explorer 7 and 8 on Windows XP and IE8 on Windows 7. FireEye says their analysis indicates that the vulnerability behind it affects IE 7, 8, 9 and 10.

FireEye does not say if IE10 on Windows 8 is affected or if they examined IE11.

There are two vulnerabilities involved in the attack: the first is an information disclosure vulnerability which the exploit uses to retrieve the timestamp from the PE headers of msvcrt.dll (part of the Microsoft Visual C++ runtime). The second is an IE out-of-bounds memory access vulnerability, used to achieve code execution.
Read more at: New IE zero-day attack reported | ZDNet


My System SpecsSystem Spec
.

11 Nov 2013   #2
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

From FireEye blog:
Quote:
Shellcode
This exploit has a large multi-stage shellcode payload. Upon successful exploitation, it will launch rundll32.exe (with CreateProcess), and inject and execute its second stage (with OpenProcess, VirtualAlloc, WriteProcessMemory, and CreateRemoteThread). The second stage isn’t written to a file as with most common shellcode, which usually downloads an executable and runs it from disk.
In Windows 7, MSCONFIG could help by loading only the necessaries services at start-up in order to stop the rundll32.exe being created. Or disable prefechter and superfetch the time it got fixed..
My System SpecsSystem Spec
Reply

 New IE zero-day attack reported




Thread Tools





Similar help and support threads
Thread Forum
DDoS Attack, Changed IPs Still Under Attack
I'm being DDoS attacked. My ping was been spiking from 50 to 250+. I've tried changing my IP multiple times and I still was attacked (Note: I own 3 computers and 1 tablet). I've tried disabling startup processes, av scans, and basic rootkit scans and found nothing. However, after I uninstalled...
System Security
BF3 under attack
source I was going to play some tonight :cry: ..guess I will wait.
Gaming
Am I under attack?
Computer has been running a little strangely, lately. Seems that after I manually shut it down, it won't restart unless I toggle the on/off switch of one of the surge suppressors I have it attached to. So I ran Norton 360 to see what it has been doing to protect me. Below is a screen shot of...
System Security
Virus Attack?
I believe I may have downloaded a virus and it's stopping me from running any other programs, esp. antivirus software. What can I do? Is there a way to get around this or what?
System Security
MAC Attack
No I'm not hungry, it's just the the firewall popped an alert that it had blocked an attack by something using the same MAC address of my primary rig, and since I have the wireless disabled, I can only imagine that this must have come from the internet. I have seen a number of attacks blocked...
System Security
New SSL attack.
New SSL attack can steal sensitive info from secure Web sites. . Link - New SSL attack can steal sensitive info from secure Web sites | Security Central - InfoWorld
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 22:08.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App