![]() ![]() To try out this module, get your free Metasploit download now, or update your existing installation. The exploit also works against Windows Vista, but I think you guys get the point now. Here's another example exploiting a fully-patched Windows XP SP3 box: This one is against Internet Explorer 8 installed: The following screenshot demonstrates a successful attack against a Windows 7 machine with Internet Explorer 9 installed: You may download Metasploit here, and apply the latest update to pick up the exploit. ![]() Romang and together, and pretty soon we had a working exploit. The Metasploit team has had the pleasure to work with Mr. Because last weekend, our fellow researcher and Metasploit contributor Eric Romang just spotted another 0-day, possibly from the same group, exploiting a Microsoft Internet Explorer use-after-free vulnerability. You'd think the 0-day attack from the same malicious group might cool down a little after that incident. Here's the back story: Some of you may remember that a couple of weeks ago, the Metasploit exploit team released a blog regarding a new Java exploit ( CVE-2012-4681), with a blog entry titled " Let's Start the Week with a New Java 0day in Metasploit". We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter). The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |