Tuesday, June 19, 2012

Patch Tueseday: IE Remote Code Execution Vulnerability Being Actively Exploited In The Wild.

A critical Internet Explorer vulnerability, announced and patched by Microsoft in June's Patch Tuesday, is being exploited in the wild.
The vulnerability is CVE-2012-1875 (don't expect any detail - this link is just boilerplate stuff), patched in MS12-037.

SophosLabs has seen numerous attempts to exploit this vulnerability (Sophos products detect it as Exp/20121875-A).
Cunningly-crafted JavaScript code - which can be embedded in a web page to foist the exploit on unsuspecting vistors - is circulating freely on the internet.
Also, the Metasploit exploitation framework now has a plug-in module which will generate malicious JavaScript for you on-the-fly to help you automate an attack. (For authorised penetration testing and research purposes only, natch!)
The vulnerability carries the resounding name of "Same ID Property Remote Code Execution Vulnerability", and is caused by memory mismanagement in Internet Explorer. ...read more