Friday, April 28, 2017
Home / Security / Exploits / New IE Zero-day available on Metasploit

New IE Zero-day available on Metasploit

A new Internet Explorer Zero-day (CVE-2012-4792) was released finally released publicly after it being private for a couple weeks.

CVE-2012-4792 was first discovered by FireEye security company.  Sometime in December, Council on Foreign Relations (CFR)’s website was compromised, and then began hosting malicious content from there.  The 0day exploit was written to target English, Chinese (China & Taiwan), Japanese, Korean and Russian-based Windows users.  Who would usually visit the CFR website?  Please feel free to guess.

If you are using IE 9 or IE 10, today’s is your lucky day, because you are not vulnerable to this.  For those who are using older versions of IE such as 8, you are at risk.

In addition, here’s Microsoft’s official advisory for CVE-2012-4792 that you should read: http://technet.microsoft.com/en-us/security/advisory/2794220

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …