Skip to main content

Microsoft Pressured To Patch Zero Day As VUPEN Creates Serious Exploit

posted onJune 21, 2012
by l33tdawg

Microsoft is facing pressure to patch a zero-day threat that is being exploited in the wild, as vulnerability seller VUPEN has found a way to make the exploit work across all Windows platforms.

Attack code for the CVE-2012-1889 flaw, which affects Microsoft XML component found in Internet Explorer, was published earlier this month. The vulnerability could allow remote code execution if a user visits a specially-crafted webpage on Internet Explorer.

Security researchers have seen attempts to spread malware via an injection of malicious iframes on websites. Sophos found a website of a European aeronautical parts supplier had been hacked and was serving up a malicious attack exploiting CVE-2012-1889. The drive-by attack vector was similar to another it had seen affecting a European medical company earlier this week, which was also taking advantage of the zero-day security hole.

Source

Tags

Vupen Security Microsoft Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th