728x90
The Zero Day Initiative has published a new and unpatched IE 0-Day that was originally reported to them (and by extension, Microsoft) in October 2013. In essence, a victim has to go to a crafted webpage that takes advantage of handling of CMarkup objects which ultimately can be used to execute code with the permissions of the web browser process. Microsoft says the EMET will mitigate this vulnerability and at least Tipping Point claims protection with their devices. At this point, there is no indication that it is being used in the wild. The interesting thing here is the timeline between initial report and there being no patch.
This diary will be updated as the situation warrants.
728x90
'Security_News > 해외보안소식' 카테고리의 다른 글
| 인터넷 뱅킹 이용자에 대한 공격 도구 "SPYEYE"관련 사이버 범죄자 영국에서 체포 (0) | 2014.05.24 |
|---|---|
| 대만 정부 기관에 대하여 변론 표적 공격 (0) | 2014.05.24 |
| 안드로이드를 목표로 한 랜섬웨어 탐지 (0) | 2014.05.22 |
| 스피어 피싱에 사용되고 있는 IE 신규 취약점(0-day) (0) | 2014.05.22 |
| 中 1분기 모바일 구매결제류 앱 중 320종 바이러스 탐지 (0) | 2014.05.22 |