Researcher explains why 19-year-old Windows bug is especially nasty
By Darren Pauli, 12 Nov 2014
Researcher Robert Freeman has identified an 18-year-old critical remotely exploitable hole affecting all versions back to Windows 95. The vulnerability (CVE-2014-6332) rated a critical score of 9.3 in all versions of Windows and was described as a rare "unicorn-like" bug in Internet Explorer-dependent code that opens avenues for man-in-the-middle attacks.
The bug bypasses Redmond's lauded Enhanced Mitigation Experience Toolkit along with the Enhanced Protected Mode sandbox in the flagship browser and was patched today, some six months after it was reported, IBM's Freeman said.
"This complex vulnerability is a rare, 'unicorn-like' bug [that can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine," Freeman said.
"In this case, the buggy code is at least 19 years old and has been remotely exploitable for the past 18 years
More information in this article: 18-Year-Old Remotely Exploitable Vulnerability in Windows Patched by Microsoft