Previous version of IE browser discovered new Zero vulnerability latest version unaffected

According to foreign media reports, security manufacturer FireEye in Microsoft IE browser found a new zero security vulnerabilities, and the vulnerability may be widely used by network criminals. It is reported that the vulnerability affected only IE6, 7 and 8,IE9 and 10 do not exist this security vulnerability.

Dustin Childs of Microsoft Trustworthy Computing to media: "Microsoft released security bulletin No. 2794220, informing users of a security breach in IE6, 7, and 8." While we are actively developing a simple and easy-to-use one-click Patch to solve this problem, we strongly recommend that users take the mitigation and contingency scenarios described in the bulletin. ”

FireEye found on December 21 that Council on Foreign Relations (CFR) site had been compromised and was implanted with malicious content. "The CFR website security team already knows the problem and is currently investigating," CFR spokesman David Michel David Mikhail said in Thursday to the Washington Free Beacon. We will also try to reduce the likelihood of similar incidents in the future. ”

It is reported that malicious JavaScript only in English, Simplified Chinese, Traditional Chinese, Japanese, Korean or Russian version of IE browser can use malicious code. Once the initial test passes, JavaScript will load a flash file called "today.swf". This file will eventually trigger the heap spray attack and download a file called "Xsainfo.jpg".

More detailed information about the vulnerability is provided in the Cert Knowledge Base (vu#154201).

Technical information about the vulnerability is as follows:

Microsoft IE contains a "release after use" (use-after-free) vulnerability in MSHTML cdwnbindinfo. JavaScript written specifically for this vulnerability may cause IE to create a CDoc object that contains Cdwnbindinfo objects. This object may be freed without removing the pointer, which could result in IE trying to call an invalid memory address. With heap spray or other techniques, attackers can place arbitrary code in this address. This vulnerability is now widely used to implement heap spray attacks using Adobe Flash and to provide ROP (return oriented programming) controls using Java.

Since there are no available patches, FireEye has provided some contingency measures in the report: Using Microsoft Enhanced Mitigation Experience Toolkit (EMET), disabling Flash ActiveX control in IE, Disables Java in IE. FireEye advises users not to use IE8 or earlier IE browsers to upgrade to IE9 or 10, or to use a different browser, such as Google (Weibo) Chrome.