IE8 Exploit Already Available

Wednesday, May 8, 2013 @ 09:05 PM gHale

Full information about how to make use of the Internet Explorer 8 vulnerability is now in widespread circulation.

An attack on a sub-site of the U.S. Department of Labor found attackers were in fact using a new exploit for a Zero Day vulnerability which only affects Internet Explorer 8.

Zero Day: IE 8 Falls Victim
DoL Site Spreads PoisonIvy
Department of Labor Site Hacked
Blog Hacked, Phishing Attack Ensues

Initial reports suggested the attack was using a known, and patched, vulnerability CVE-2012-4792. It became clear, however, the exploit used was not that one, but a different remote code execution vulnerability.

Microsoft issued an advisory for this vulnerability, CVE-2013-1347, which still only appears in Internet Explorer 8, while it continues its investigation.

The flaw is a use-after-free problem that corrupts memory in such a way as to allow arbitrary code to inject. A Metasploit module is now available that exploits the vulnerability, which means the technique is generally accessible.

Microsoft suggests users of IE8 could deploy EMET, the Enhanced Mitigation Experience Toolkit, and gives instructions how to configure it to add its protective layer to IE8 either through the EMET user interface, command line or via Group Policy.

Upgrading to IE9 is also an option for Windows Vista and later, and upgrading to IE10 is an option for users of Windows 7 or later. The other option is, of course, switching to another browser such as Chrome or Firefox.

The important message for all users is they should be aware there is a Zero Day exploit for IE8 in the wild and it is a part of attacks of unknown purpose.

Leave a Reply

You must be logged in to post a comment.