Skip to main content

Java zero-day leads to Internet Explorer zero-day

posted onSeptember 17, 2012
by l33tdawg

While looking around a compromised server that was being used to exploit Java vulnerabilities, a security researcher stumbled upon another exploit that he claims affects fully patched versions of Microsoft Internet Explorer 7 and 8.

Eric Romang found four files on the server: an executable, a Flash Player movie and two HTML files called exploit.html and protect.html

When users visit the exploit.html page, it loads the Flash movie, which in turn loads the other HTML page, protect.html. Together, they help drop the executable on to the victim's computer. At this point, attackers have everything they need to drop whatever applications they like on the victim's machine, whether it is to join a botnet or conduct attacks. In this case, the dropper executable installs another program when the victim next logs in.

Source

Tags

Java Security IE Micrsoft

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th