Security forum website targeted in drive-by attack leveraging IE zero-day – SC Magazine

The operators of the affected security website, which became the drive-by attack against visitors, has asked FireEye not to reveal its URL, Mike Scott, senior staff threat analyst at FireEye, told SCMagazine.com on Monday.

The zero-day takes advantage of a timestamp vulnerability affecting IE 7 and 8 on Windows XP and IE 9 on Windows 7, according to the post, which states that a memory access vulnerability designed to work with IE 7 and 8 on Windows XP and Windows 7 is also abused.

“The exploit targets the English version of Internet Explorer, but we believe the exploit can be easily changed to leverage other languages,” according to the post. “Based on our analysis, this vulnerability affects IE 7, 8, 9, and 10.

via Security forum website targeted in drive-by attack leveraging IE zero-day – SC Magazine.

via Security forum website targeted in drive-by attack leveraging IE zero-day – SC Magazine.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s