Security firm FireEye Labs has put up a security advisory after discovering a new security vulnerability in Internet Explorer, warning that users on both Windows XP and Windows 7 are at risk.
Researchers report that cybercriminals were exploiting two different flaws in the attacks by directing users to a malicious website. The company further added that it is currently working with Microsoft on addressing these two vulnerabilities.
The first one of these, according to the company, is an information disclosure vulnerability that is used to retrieve the timestamp from the PE headers of mscvrt.dll. Brace for some technical wordings:
“The timestamp is sent back to the attacker’s server to choose the exploit with an ROP chain specific to that version of msvcrt.dll. This vulnerability affects Windows XP with IE 8 and Windows 7 with IE 9.”
And the second vulnerability is a memory access vulnerability on the English versions of Internet Explorer 7 and 8, both on Windows XP and Windows 7. Brace for even more technical wordings:
“This exploit has a large multi-stage shellcode payload. Upon successful exploitation, it will launch rundll32.exe (with CreateProcess), and inject and execute its second stage (with OpenProcess, VirtualAlloc, WriteProcessMemory, and CreateRemoteThread). The second stage isn’t written to a file as with most common shellcode, which usually downloads an executable and runs it from disk.”
Told you it was as technical as it gets!
Anyway, while there are reports of attacks in the wild using these two flaws, the good thing is that Microsoft is aware of it and should patch these two problems soon.