Another malicious website has been discovered hosting an exploit for the Internet Explorer zero-day vulnerability patched by Microsoft last week. This site, like the other exploits discovered, targets the defense and space industries, and is dropping an unknown payload, according to Barracuda Labs. Researcher Dave Michmerhuizen said the compromised site is not likely being used as a drive-by attack; instead, links to it may be included in phishing email messages sent to specific individuals within those industries.
“What makes this vulnerability so serious is that just one click on a link in such an email is all it takes to completely carry out the exploit,” Michmerhuizen wrote in a blog post.
The site shows a WebEx meeting interface with a “Meeting Canceled” notice splashed on the page. Under the hood, two HTML pages are loaded into invisible iframe elements. One triggers the use-after-free vulnerability that bypasses Windows’ built-in ASLR protections with additional commands that will download and execute the malicious payload.
The second HTML file sets up and triggers the exploit if the user is running IE.
“The exploit triggers automatically and the result is the download and execution of a backdoor which gives the attacker full access to the computer, and, if they're lucky, the organizational network that the computer is on,” Michmerhuizen wrote.