Saturday, August 23, 2014
Breaking News
Home / Security / Exploits / New IE Zero-day available on Metasploit
New IE Zero-day available on Metasploit

New IE Zero-day available on Metasploit

A new Internet Explorer Zero-day (CVE-2012-4792) was released finally released publicly after it being private for a couple weeks.

CVE-2012-4792 was first discovered by FireEye security company.  Sometime in December, Council on Foreign Relations (CFR)’s website was compromised, and then began hosting malicious content from there.  The 0day exploit was written to target English, Chinese (China & Taiwan), Japanese, Korean and Russian-based Windows users.  Who would usually visit the CFR website?  Please feel free to guess.

If you are using IE 9 or IE 10, today’s is your lucky day, because you are not vulnerable to this.  For those who are using older versions of IE such as 8, you are at risk.

In addition, here’s Microsoft’s official advisory for CVE-2012-4792 that you should read: http://technet.microsoft.com/en-us/security/advisory/2794220

About FastFlux

Owner of ZeroSecurity, intrested in programming, malware analysis and penetration testing. If you are interested in joining the ZeroSecurity team please use the contact forum located above to contact us.

Discuss

Loading Disqus Comments ...
Loading Facebook Comments ...