Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote malicious users to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet explorer 8 |
||
microsoft internet explorer 9 |
||
microsoft internet explorer 10 |
||
microsoft internet explorer 6 |
||
microsoft internet explorer 7 |
According to KSN data, Kaspersky Lab solutions detected and repelled 479,528,279 malicious attacks from online resources located in 190 countries all over the world. 79,209,775 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 288 thousand user computers. Crypto ransomware attacks were blocked on 240,799 computers of unique users. Kaspersky Lab’s file antivirus det...
Multiple rival researchers warn of Cryptowall delivery ruse targeting employers
Security researchers are focussing their crosshairs on what appears to be high-volume spam and exploit campaigns to deliver the latest iteration of the Cryptowall ransomware. Boffins from the SANS Institute, Cisco, and MalwareBytes have identified a dangerous if goofy spam campaign slinging the nasty ransomware masquerading as file attachment bearing a résumé. SANS handler Brad Duncan says the two campaigns to foist Cryptowall 3.0, also known as Croti, appear to be the handiwork of one attacke...
Actually, it's about ethics in data kidnapping
Researchers have spotted malware that targets gamers, and threatens to trash their in-game progress unless they pay up. The software nasty, dubbed Teslacrypt, works in the same way as traditional ransomware like Cryptolocker. It attempts to infect Windows PCs by exploiting a vulnerability in Adobe Flash (CVE-2015-0311) or Internet Explorer (CVE-2013-2551). A victim has to visit a booby-trapped website to get infected, although the malware backs off if it detects the presence of some antivirus pa...
There is no honour among thieves
A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators including UK hacker known as MalwareTech (@MalwareTechBlog) and French bod Kaffeine (@kafeine) discovered the source code being slung on HackForums by the apparent former r...