Exploit for New Internet Explorer 8 Vulnerability is Now Active and in the Wild

Stefan Mileschin · 8th May 2013, 08:38

Another day, another vulnerability waiting to be widely exploited by malware authors. The latest is a newly discovered vulnerability that affects Internet Explorer 8 whether it is in use on Windows XP, Vista, or 7. The exploit has already been rolled into a module and added to the Metasploit Framework, a free penetration testing tool. Information on how to use the vulnerability is also now in widespread circulation.

Fractured glass photo effect courtesy of PhotoFunia.

At least there is some good news…Microsoft has confirmed that the exploit has no effect on Internet Explorer versions 6, 7, 9, and 10. If you have a system running Internet Explorer 8, then using an alternative browser until Microsoft releases a security update is a good idea. If using an alternative browser is not an option, then you can make use of Microsoft’s EMET (Enhanced Mitigation Experience) Toolkit (links are available at the bottom of the article).

From the Krebs on Security post: The security hole has already been leveraged in at least one high-profile attack. Over the weekend, several security vendors reported that the U.S. Department of Labor Web site had been hacked and seeded with code designed to exploit the flaw and download malicious software.

http://www.howtogeek.com/162783/expl...d-in-the-wild/

8th May 2013, 08:38	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 153,541	Exploit for New Internet Explorer 8 Vulnerability is Now Active and in the Wild Another day, another vulnerability waiting to be widely exploited by malware authors. The latest is a newly discovered vulnerability that affects Internet Explorer 8 whether it is in use on Windows XP, Vista, or 7. The exploit has already been rolled into a module and added to the Metasploit Framework, a free penetration testing tool. Information on how to use the vulnerability is also now in widespread circulation. Fractured glass photo effect courtesy of PhotoFunia. At least there is some good news…Microsoft has confirmed that the exploit has no effect on Internet Explorer versions 6, 7, 9, and 10. If you have a system running Internet Explorer 8, then using an alternative browser until Microsoft releases a security update is a good idea. If using an alternative browser is not an option, then you can make use of Microsoft’s EMET (Enhanced Mitigation Experience) Toolkit (links are available at the bottom of the article). From the Krebs on Security post: The security hole has already been leveraged in at least one high-profile attack. Over the weekend, several security vendors reported that the U.S. Department of Labor Web site had been hacked and seeded with code designed to exploit the flaw and download malicious software. http://www.howtogeek.com/162783/expl...d-in-the-wild/

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Internet Explorer 10 finally available for Windows 7	jmke	WebNews	0	26th February 2013 14:30
Microsoft confirms Flash vulnerability fix for Internet Explorer 10 coming soon	Stefan Mileschin	WebNews	0	12th September 2012 08:32
Ubuntu goes the way of Internet Explorer	Stefan Mileschin	WebNews	0	23rd July 2012 08:16
The Perfect Use for Internet Explorer 10	jmke	WebNews	0	26th August 2011 09:39
Internet Explorer 8 Comes To Fruition	jmke	WebNews	0	25th February 2009 09:51
First Look at Internet Explorer 8 Beta 2	jmke	WebNews	0	29th August 2008 09:46
crashes in internet explorer	The Senile Doctor	Hardware/Software Problems, Bugs	32	9th April 2005 19:51
Internet Explorer 7 to Come in Mid-2005	jmke	WebNews	0	18th February 2005 17:41
Serious bug found in Internet Explorer with XP SP2	jmke	WebNews	0	20th October 2004 16:54
Why You Should Dump Internet Explorer	jmke	WebNews	0	18th June 2004 11:23