Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote malicious users to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
This module exploits a vulnerability found in Microsoft Internet Explorer. A use-after-free condition occurs when a CButton object is freed but a reference to it is kept and used again during a page reload; controllable invalid memory is then dereferenced, allowing arbitrary code execution in the context of the current user. Please note: this vulnerability has been exploited in the wild, targeting mainly China-, Taiwan- and US-based computers.
msf > use exploit/windows/browser/ie_cbutton_uaf
msf exploit(ie_cbutton_uaf) > show targets
...targets...
msf exploit(ie_cbutton_uaf) > set TARGET <target-id>
msf exploit(ie_cbutton_uaf) > show options
...show and set options...
msf exploit(ie_cbutton_uaf) > exploit
CVE-2012-4792: simple calc exploitation
Exploit Development: Case Studies
This repository is intended as a personal list of exploit development case studies I stumble upon during my work. My categorization is not very granular — I'm skipping differentiation between user-mode and kernel-mode, as well as the type of software being exploited. Exploit primitives are what's really important, therefore the
Case Study of Browser DOM Vulnerabilities
Inspired by js-vuln-db
Chrome
CVE Number / ID | Module | Label | Credit
CVE-2018-6073 | WebGL | Heap Overflow | om@krashin
CVE-2018-16082 | sw::Surface | Stack Overflow | om@krashin
CR-666246 | HTMLSelectElement | UAF | ifratric
Firefox
CVE Number | Module | Label | Credit
CVE-2016-9079 | nsSMILTimeContainer | UAF | Daniel Veditz
CVE-2017-
Microsoft Office RCEs
A collection of Microsoft Office vulnerabilities that could end up in remote command execution:
CVE-2012-0158
CVE-2015-1641 (customXML type confusion)
CVE-2016-7193 (dfrxst)
CVE-2017-0199
CVE-2017-8570
CVE-2017-8759 (.NET Framework)
CVE-2017-11182
CVE-2017-11826 (EQNEDT32.EXE)
CVE-2018-0802 (EQNEDT32.EXE again)
CVE-2018-0797 (RTF UAF)
CVE-2018-8597 (Excel)
CVE-2018
The FBI has arrested a Chinese national on accusations of distributing and infecting US companies with the Sakula malware, the same malware used in the OPM and Anthem hacks.
The suspect's name is Yu Pingan, 26, of Shanghai. US authorities arrested Yu on Monday, August 21, at the Los Angeles airport, as the suspect entered the US to attend a security conference.
According to an official indictment, authorities accused Yu and two other unnamed co-conspirators of infecting four US compa...
'Black Vine' gang, late of China, fingered as source of heist that lifted 70 million records
The case for a Beijing-orchestrated hack of health insurer Anthem has firmed up with new details suggesting that the sophisticated hacking group responsible for the heist shared zero days with rival outfits.
Symantec has overnight dubbed the perps "Black Vine", suggesting the group was responsible for goring more than 70 million personal records from the US company in February.
The security firm paints the group as ultra-sophisticated and unusually keen to share its precious trove of...
The scope of a watering hole attack targeting the U.S. Department of Labor website widened significantly over the weekend. Researchers are reporting that as many as nine websites, including a European aerospace, defense and security manufacturer as well as a number of non-profit organizations have also been compromised and are redirecting visitors to a website hosting malware.
Microsoft, meanwhile, released an advisory warning Internet Explorer 8 users that the attackers are exploiting a z...
The United States Department of Labor website is the latest high-profile government site to fall victim to a watering hole attack. Researchers at a number of security companies reported today that the site was hosting malware and redirecting visitors to a site hosting the Poison Ivy remote access Trojan.
The malware has since been removed and law enforcement is investigating.
Researchers at Kaspersky Lab and CrySys Lab have discovered files buried inside a MiniDuke command and control server that indicate the presence of a Web-based facet of the campaign that initially targeted government agencies, primarily in Europe.
Users are likely lured to the malicious webpages via spear phishing messages containing a link to the attack site. The site, which remains active, is serving exploits for patched vulnerabilities in Java and Internet Explorer, research...
The Java saga continued when unknown, and apparently well concealed goons exploited recent Java and Internet Explorer zero-days to compromise the website of the French-based, free-press advocacy group, Reporters Without Borders. The attack, which attempted to take advantage of the time-gulf that separates Oracle’s patch release from their users’ application of it, is part of a watering hole campaign also targeting Tibetan and Uygur human rights groups as well as Hong Kong and Taiwanese polit...
Internet Explorer users, exposed to a zero-day vulnerability in the browser and a faulty temporary Fix It from Microsoft, finally got some relief today when the company, as promised, released an out-of-band patch.
Meanwhile, a handful of new telco, manufacturing and human rights sites have been infected and have been serving exploits since the public release of the zero-day, a researcher told Threatpost.
The IE security update repairs previously unreported flaws in IE 6-8...
Took them under 24 hours
A security researcher has developed a method to circumvent Microsoft's temporary fix for a zero-day Internet Explorer browser vulnerability.
Redmond released a temporary Fix It to defend against the flaw last week, pending the development of a more complete patch, which it later emerged would not arrive with the updates due to be delivered on Patch Tuesday tomorrow. However, Peter Vreugdenhil, of the vulnerability analysis firm Exodus Intelligence, was able to sidestep that protection with a va...
Expect amped up pressure aimed in Microsoft’s direction for a patch for the Internet Explorer zero day that surfaced last week, now that researchers at Exodus Intelligence reported today they have developed a bypass for the Fix It that Microsoft released as a temporary mitigation.
Their new exploit beat a fully patched Windows system running IE 8, the same version of the browser exploited by malware used in watering hole attacks against a number of political and manufacturing...
Patch Tuesday can't come soon enough
Microsoft has pushed out a temporary fix to defend against a zero-day vulnerability that surfaced in attacks launched last week.
The security flaw (CVE-2012-4792) - which affects IE 6, 7 and 8 but not the latest versions of Microsoft's web browser software - allows malware to be dropped onto Windows PCs running the vulnerable software, providing, of course, that users can be tricked into visiting booby-trapped websites.
Redmond has released a temporary Fix It (easy-to-apply workaroun...