IE "Unicorn" bug actively exploited in the wild

  • 21 November 2014
  • 0 replies
  • 3 views

Userlevel 7
Author: Zeljka Zorz HNS Managing Editor/ Posted on 21 November 2014.
 
Last week, in its regular Patch Tuesday, Microsoft patched a number of serious vulnerabilities, including one that is nearly two decades old, dating back to Microsoft IE 3.0.

Discovered by the IBM X-Force Research team, the bug (CVE-2014-6332) can be exploited in drive-by attacks to take over the user’s machine, as it allows attackers to sidestep the Enhanced Protected Mode sandbox in IE 11 as well as the Microsoft's free EMET anti-exploitation tool.

It didn't take long for someone to make publicly available a proof-of-concept exploit for the flaw, and it took even less time for this particular exploit code to be modified and used by cyber criminals.

ESET researchers have spotted an active malware delivery campaign using the exploit to target users who visited a specific web page (about TV Reality show winners) on a popular Bulgarian news agency website.

"Strangely, the exploit is actually present two times consecutively," they shared. But, the delivered payload is the same in both cases: a file namednatmasla.exe.
 
full article

0 replies

Be the first to reply!

Reply