Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Public release of IE exploit could spark widespread attacks

Lucian Constantin | Oct. 2, 2013
The vulnerability affects all versions of Internet Explorer and can be exploited to execute arbitrary code on computers when IE users visit a specially crafted Web page hosted on a malicious or compromised website.

In particular, the exploit contains system fingerprinting code that's not actually used, which suggests the original author is at least familiar with prior exploits found in exploit packs, Beardsley said.

According to Chen, the junk fingerprinting code appears to have been reused in various exploits since at least 2012.

Microsoft's next batch of security updates is scheduled for Oct. 8, but it's not clear if the company will issue a permanent patch for this particular vulnerability at that time.

Beardsley hopes it will. "The Fix It is effective, so I hope it would be straightforward to patch properly," he said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.