Jump to content

First exploitation of Internet Explorer ‘Unicorn bug’ in-the-wild


SweX

Recommended Posts

BY ESET RESEARCH

 

Microsoft released a patch last week for a critical vulnerability allowing remote code execution in Internet Explorer. This vulnerability, known as CVE-2014-6332, and discovered by an IBM X-Force security researcher, is significant because it exploits an old bug present in Internet Explorer versions 3 through 11. This means that most, if not all, Internet Explorer users are vulnerable unless they are using patched systems. It gets worse: the vulnerability not only can be used by an attacker to run arbitrary code on a remote machine, but it can also bypass the Enhanced Protected Mode (EPM) sandbox in IE11 as well as Microsoft’s free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET).

 

hxxp://www.welivesecurity.com/2014/11/20/first-exploitation-of-unicorn-bug/

Link to comment
Share on other sites

SweX, do you know if "the patch" was included in the Microsoft 11/12/14 update? I did not closely examine every KB item.

Edited by TomFace
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...