Posts Tagged ‘internet explorer’
Internet Explorer 8 0day
Last week, news broke that the U.S. Department of Labor’s (DoL) website was compromised… and that it had been serving up Internet Explorer 0day to its visitors. This 0day, CVE-2013-1347 (Retina Audit 19041 – Microsoft Internet Explorer 8 Remote Code Execution Vulnerability (Zero-Day)), only affects Internet Explorer 8 on Windows XP, Vista, and Windows 7 (as well as Server 2003,…
Java/IE 0days Put to Bed
Over the past two days, two actively exploited 0day vulnerabilities got patched. Yesterday, Oracle addressed the 0day in Java, CVE-2013-0422, with an new update, Java 7u11. Today, Microsoft addressed the 0day in Internet Explorer 6-9, CVE-2012-4792, with MS13-008. In addition to fixing the 0day vulnerability, the Java update changes the default security level setting from…
Mmm, Smells Like 0day
Just when you thought we were out of the woods, Internet Explorer 0day shows up, in the wild. Here’s what you need to know about the vulnerability: Internet Explorer 6, 7, 8, and 9 are vulnerable (UPDATE: Out-of-band patch available now!) Use-after-free when the CMshtmlEd object is deleted and then the same area in memory…
