In-depth analysis of the exploited IE remote code execution vulnerability

Source: Internet
Author: User

Microsoft announced a critical IE vulnerability and released patches on Tuesday. However, this vulnerability has already been exploited by many people.

The vulnerability, CVE-2012-1875, was patched by Microsoft in MS12-037.

SophosLabs has tried to exploit this vulnerability multiple times (Sophos detects it as Exp/20121875-).

Cunningly crafted JavaScript code, which can be embedded in web pages to attack undefended Internet users, has become widespread on the Internet.

At the same time, the Metasploit framework now has a module that can automatically generate the malicious JavaScript, which helps attackers launch automated attacks (the module is intended only for authorized penetration testing and research purposes).

CVE-2012-1875 is the well-known Microsoft Internet Explorer Same ID attribute remote code execution vulnerability. It is caused by poor memory management in Internet Explorer.

This kind of vulnerability is commonly called a "use-after-free" bug. It occurs when a program releases a memory block it no longer needs. In principle, the block is handed back to the operating system to be recycled and allocated again, but the application continues to use it; by then, the contents of the memory block may have changed unexpectedly.
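The stale-reference problem described above, as an added example that is not from the original article and is not Internet Explorer code: a constructed toy pool shows a pointer kept after release reading another owner's data, and a generation-checked handle rejecting the same stale access. The names `pool_alloc`, `pool_free`, `pool_get` and `handle_t` are hypothetical, and the generation check is one general defensive pattern, not a description of the MS12-037 fix.

```c
#include <stdio.h>
#include <string.h>
/* Constructed toy pool: slots are static storage, so reading through a stale
   pointer is well-defined here, unlike a real use-after-free on the heap. */
#define SLOTS 4
typedef struct { unsigned gen; int in_use; char data[16]; } slot_t;
typedef struct { unsigned idx, gen; } handle_t;  /* hypothetical checked handle */
static slot_t pool[SLOTS];

/* Hand out the first free slot, the way a recycling allocator would. */
static handle_t pool_alloc(const char *init) {
    for (unsigned i = 0; i < SLOTS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            snprintf(pool[i].data, sizeof pool[i].data, "%s", init);
            return (handle_t){ i, pool[i].gen };
        }
    }
    return (handle_t){ SLOTS, 0 };  /* pool exhausted: never a valid handle */
}

/* Release a slot; bumping the generation invalidates every older handle. */
static void pool_free(handle_t h) {
    if (h.idx < SLOTS && pool[h.idx].in_use && pool[h.idx].gen == h.gen) {
        pool[h.idx].in_use = 0;
        pool[h.idx].gen++;
    }
}

/* Checked access: NULL if the handle's block was released or recycled. */
static const char *pool_get(handle_t h) {
    if (h.idx >= SLOTS || !pool[h.idx].in_use || pool[h.idx].gen != h.gen)
        return NULL;
    return pool[h.idx].data;
}

/* Returns 1 when the stale raw pointer reads the new owner's data while
   the stale handle to the same block is rejected. */
static int demo(void) {
    handle_t a = pool_alloc("element-A");
    const char *raw = pool[a.idx].data;     /* unchecked reference kept around */
    pool_free(a);                           /* block released ... */
    handle_t b = pool_alloc("other-data");  /* ... and recycled for new data */
    int raw_sees_new = strcmp(raw, "other-data") == 0;
    int stale_rejected = pool_get(a) == NULL && pool_get(b) != NULL;
    pool_free(b);
    return raw_sees_new && stale_rejected;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```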

Modern operating system releases currently have two mechanisms that make exploitation more difficult: DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).

DEP marks memory blocks so that they can be used only for data storage, not for code execution, reducing the chance that malicious code inserted by an attacker will run.

ASLR (Address Space Layout Randomization) is a security protection technology against buffer overflows. It randomizes the layout of linear regions such as the heap, the stack, and shared library mappings. By making it harder for attackers to predict target addresses, it prevents them from directly locating their attack code and so hinders overflow attacks. According to research, ASLR can effectively reduce the success rate of buffer overflow attacks. Currently, mainstream operating systems such as Linux, FreeBSD, and Windows have adopted this technology.
