Saturday, May 23, 2015
Home / Security / Exploits / New IE Zero-day available on Metasploit

New IE Zero-day available on Metasploit

A new Internet Explorer Zero-day (CVE-2012-4792) was released finally released publicly after it being private for a couple weeks.

CVE-2012-4792 was first discovered by FireEye security company.  Sometime in December, Council on Foreign Relations (CFR)’s website was compromised, and then began hosting malicious content from there.  The 0day exploit was written to target English, Chinese (China & Taiwan), Japanese, Korean and Russian-based Windows users.  Who would usually visit the CFR website?  Please feel free to guess.

If you are using IE 9 or IE 10, today’s is your lucky day, because you are not vulnerable to this.  For those who are using older versions of IE such as 8, you are at risk.

In addition, here’s Microsoft’s official advisory for CVE-2012-4792 that you should read:

About FastFlux

Owner of ZeroSecurity, intrested in programming, malware analysis and penetration testing. If you are interested in joining the ZeroSecurity team please use the contact forum located above to contact us.

Check Also


Staples: Breached Investigation Launched

Staples has verified it is looking into a possible data breach following a report cautioned ...


Loading Disqus Comments ...
Loading Facebook Comments ...