Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2012
    S M T W T F S
    « Nov   Jan »
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for December 31st, 2012




    Late last week, the Council on Foreign Relations website was compromised and modified to host a 0-day exploit affecting Internet Explorer. Analysis revealed that the attack was set to affect a specific set of users, as it was set to work only if the browser language was set to English (US), Chinese (China), Chinese (Taiwan), Japanese, Korean, or Russian.

    Microsoft has then issued a security advisory for the vulnerability and provided some workarounds, to serve as protection until a solution is released. Trend Micro users, however, are already protected through Trend Micro Deep Security, specifically through the following rules:

    • 1005297 – Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability (CVE-2012-4792)
    • 1005301 – Identified Suspicious JavaScript Encoded Window Location Object
    • 1005298 – Microsoft Internet Explorer CDwnBindInfo Object Use-After-Free Vulnerability (CVE-2012-4792) Obfuscated

    The abovementioned rules are set to detect all known variants of exploits.

    The use-after-free vulnerability in Microsoft Internet Explorer enables remote attackers to execute arbitrary code execution. As stated in Microsoft’s blog, we have also observed that all the reported targeted attacks so far have been triggered by an encoded or obfuscated JavaScript Window Location objects which is generally used to change the location object of the current window. The vulnerability is with cButton object which has been freed but its reference was used again during the page reload will point to an invalid memory location yielding arbitrary code execution under the context of the current user. Microsoft Internet Explorer versions 6, 7, and 8 are affected, but newer versions such as IE9 & IE 10 are not affected by this vulnerability.

    Read the rest of this entry »

     
    Posted in Exploits, Vulnerabilities | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice