Security Best Practices, Breaking News, & Updates
Microsoft Internet Explorer older versions - Security Advisory 2794220
This new warning encourages users to avoid key targeted attacks in progress affecting older versions of their browser.? Key Microsoft resources for Microsoft Advisory 2794220 are noted below:
?
http://technet.microsoft.com/en-us/security/advisory/2794220
?
http://blogs.technet.com/b/msrc/archive/2012/12/29/microsoft-releases-security-advisory-2794220.aspx
?
http://blogs.technet.com/b/srd/archive/2012/12/29/new-vulnerability-affecting-internet-explorer-8-users.aspx
QUOTE: In this particular vulnerability, IE attempts to reference and use an object that had previously been freed. The components of an exploit for such a vulnerability are typically the following:
*? Javascript to trigger the Internet Explorer vulnerability
*? Heap spray or similar memory preparation to ensure the memory being accessed after it has been freed is useful
*? A way around the ASLR platform-level mitigation
*? A way around the DEP platform-level mitigation
?
We?ve analyzed four exploits, all the targeted attacks we have seen. They are all very similar:
*? Obfuscated Javascript to trigger the vulnerability
*? Flash ActionScript-based heap spray
*? ASLR bypass using either Java6 MSVCR71.DLL or Office 2007/2010 hxds.dll
*? DEP bypass via chain of ROP gadgets (different ones depending on ASLR bypass)
sound of music foot locker champs champs calvin johnson calvin johnson festivus
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.