Se ha reportado un nuevo 0day que afecta a los sistemas operativos de Microsoft Windows en sus navegadores Internet Explorer. Para ser mas precisos, Internet Explorer 7, 8 y 9 en los sistemas operativos windows XP, windows VISTA y windows 7.Por el momento una de las soluciones es que utilices otro navegador como Chrome o bien Firefox, aunque estuve realizando pruebas y el Antivirus de AVG ya lo detecta como Malware.
Anexo El reporte Completo del Blog de Metasploit.https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit
We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source:
StatCounter). We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures.
Here's the back story: Some of you may remember that a couple of weeks ago, the Metasploit exploit team released a blog regarding a new Java exploit (
CVE-2012-4681), with a blog entry titled "
Let's Start the Week with a New Java 0day in Metasploit". You'd think the 0-day attack from the same malicious group might cool down a little after that incident... well, you'd be wrong. Because last weekend, our fellow researcher and Metasploit contributor
Eric Romang just spotted another 0-day, possibly from the same group, exploiting a Microsoft Internet Explorer use-after-free vulnerability.
The following screenshot demonstrates a successful attack against a Windows 7 machine with Internet Explorer 9 installed:
This one is against Internet Explorer 8 installed:
Here's another example exploiting a fully-patched Windows XP SP3 box:
The exploit also works against Windows Vista, but I think you guys get the point now.
[...] de Microsoft que lo utilizan (Windows XP, Windows Vista y Windows 7). Hoy leyendo mis RSS leo en Flu-Project que Metasploit ya lo tiene implementado, así que vamos a ver como [...]
ResponderEliminar