IE vulnerability

Drone · Dec 14, 2012, 08:30 AM

This December seems to be an annoying one. Vulnerability in flash made IE and Chrome vulnerable. We had Cumulative Security Update for Internet Explorer but now there's other unpatched vulnerability ... in IE ... gosh not again

All these <specially crafted webpages> ...

Quote:

Spider.io claims to have discovered a flaw that affects IE, versions 6 through 10. The vulnerability reportedly allows the mouse cursor position to be tracked wherever it is on the screen - even if IE is minimized.

Wow ...

Quote:

The vulnerability was not addressed in the most recent security update for IE. Spider.io asserts that the flaw is being actively exploited, and claims the Microsoft Security Research Center (MSRC) <has acknowledged the vulnerability>, but has no immediate plan to patch it.

Lolwut ...

Quote:

Qualys CTO Wolfgang Kandek expressed concerns over the implications such a vulnerability might have for online banking. Many banks have implemented on-screen virtual keyboards for entering account credentials as a means of avoiding traditional keylogger attacks.

Andrew Storms, director of security operations for nCircle, agrees. “This exploit renders that mitigation null and void - it has the effect of a key logger on virtual keyboards. Attackers could potentially capture the clicks connected with banking credentials using this exploit and that isn't good news for the 63 million Americans that bank online.”

Whateva ..

Ok people, be safe.

thxbai

Hybrid_theory · Dec 24, 2012, 01:53 AM

i just find its hilarious that it affects basically all current versions of IE. good job microsoft.

eidairaman1 · Dec 24, 2012, 02:38 AM

this is just like the same thing with key loggers

Drone · Jan 5, 2013, 10:03 PM

IE ... poor thing give it a break ...

Hackers find another zero-day hole in Internet Explorer

Quote:

An elite hacker group credited last year with having an inexhaustible supply of zero-day vulnerabilities was responsible for digging up and first using the newest unpatched bug in IE, a Symantec manager said.

The gang, dubbed "Elderwood" after a source code variable regularly used by the hackers, had been profiled last September by Symantec in a research paper that outlined its strategies as well as its hacking tactics.

Drone · Jan 16, 2013, 08:03 AM

Microsoft Fixes IE Zero-Day Bug

Quote:

Microsoft rolled out an update for Internet Explorer (versions 6, 7, and 8) to close the the zero-day vulnerability which had already been used in several targeted attacks recently.

Well done.

lyndonguitar · Jan 16, 2013, 09:11 AM

only the cursor? I'll not be surprised if somehow keys can be logged as well

Quote:

but has no immediate plan to patch it.

good job! lol is this fixed yet?

System Name:	Asus M60J
Processor:	Intel Core i7 720QM
Memory:	4GB
Video Card:	NVIDIA GeForce GT 240M
Hard Disk:	x2 320GB Seagate
Software:	Windows 8

Dec 24, 2012, 01:53 AM	#2
Hybrid_theory Join Date: Mar 2007 Location: ontario canada Posts: 1,691 (0.75/day) Thanks: 113 Thanked 164 Times in 146 Posts System Specs	i just find its hilarious that it affects basically all current versions of IE. good job microsoft. __________________ xboxlive: Hybrid461 PSN: ryan461 Steam name: Hybrid_theoryTPU.

System Name:	home brew
Processor:	Intel Corei7 3770K OC @ 4.5Ghz
Motherboard:	ASUS P8Z77-V
Cooling:	Corsair H100
Memory:	16GB DDR3 1600 GSKILL
Video Card:	Powercolor Radeon 7970, MSI Radeon 7970
Hard Disk:	Mushkin Chronos Deluxe 240gb. 2 TB Hdd.
Optical Drive:	1 dvd burner
CRT/LCD Model:	3x24inch Dell Ultra IPS
Case:	CM storm trooper
PSU:	Antec Quattro OC ed. 1200w
Software:	Windows 7 Business x64
Benchmarks:	vantage: P43089

Dec 24, 2012, 02:38 AM	#3
eidairaman1 Eligible for custom title Join Date: Jul 2007 Location: HTX Posts: 10,078 (4.68/day) Thanks: 1,359 Thanked 1,159 Times in 1,035 Posts System Specs	this is just like the same thing with key loggers __________________ Athlon XP USERS with COD 4 FIX http://www.techsupportforum.com/foru...ls-202011.html http://www.howorks.com/2011/02/24/ho...-memory-limit/ “Sometimes my level of fail is unprecedented.” -TheMailMan78 “This is what the force of a thousand suns looks like.” -3870x2

System Name:	BS03/04
Processor:	AMD Athlon XP-M 2500+ 2.2GHz 1.5V
Motherboard:	DFI LanParty NFII Ultra-B Bios (TicTac 3D Fire R2)
Cooling:	4 Antec 80mm, TR SI-97 Adapted TT Big Typhoon Fan 120MM
Memory:	2GB Mushkin Redline 4000 @ 200 MHz 2.5V
Video Card:	Sapphire R1950Pro 512MB AGP 1.5V
Hard Disk:	250 & 400 GB Seagate Baracuda 10 SATA
Optical Drive:	2x Samsung Multiformat Rewritable Drives
CRT/LCD Model:	NEC Multisync LCD 1700V
Case:	Antec SX830 EATX Case
Sound Card:	Creative Labs SB XFi Xtreme Music & SB PCI 512
PSU:	Antec NEO HE 500 Watt
Software:	Windows 7 Home Premium
Benchmarks:	Win 7 Eval. CPU 3.9 Ram 4.5 Graphics 6.0 HD 5.7

System Name:	Xtreme-III \| Legendary \| Supernova
Processor:	Intel Core i7-2600K @ 4.5 GHz \| AMD Phenom II X4 955 @ 3.2ghz \| Intel Core i3-2100 @ 3.1GHz
Motherboard:	Asus P8P67-M \| Asus M4N68T-M \| ECS H61H2-M2
Cooling:	Corsair H50 \| Stock \| Stock
Memory:	Memory: G.Skill Sniper 8gb (dual) ddr3 1600 \| 6gb ddr3 1333 \| 4gb DDR3-1333
Video Card:	AMD Radeon HD 6870 Toxic Edition \| ATI Radeon HD 5750 1 GB \| Nvidia Geforce GT 430 1 GB
Hard Disk:	500 Gb SATA, 1 TB SATA, 1.5 TB SATA, 2 TB SATA \| 500 Gb SATA \| 500 Gb SATA
Optical Drive:	LG DVD Drive \| LG DVD Drive \| LG DVD Drive
CRT/LCD Model:	32" HDTV + 2 X 19" Monitor \| 19" Monitor \| 19" Monitor
Case:	CM Storm Sniper Mesh Edition \| Powerlogic 2000 \| Intex Supernova
Sound Card:	Onboard \| Onboard \| Onboard
PSU:	ST50F-ES 500W Silverstone Strider Essential \| Epsilon 80Plus 600W \| Generic 500W
Software:	Windows 7 Ultimate \| Windows 7 Ultimate \| Windows 7 Ultimate

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
WPS vulnerability	1freedude	Networking & Security	2	Feb 11, 2013 07:12 PM
New IE vulnerability.	horik	Networking & Security	12	Sep 22, 2012 01:53 PM
US-CERT warns of guest-to-host VM escape vulnerability	remixedcat	Networking & Security	0	Jun 13, 2012 11:33 PM
New Vulnerability Hits Excel	malware	News	3	Jan 19, 2008 03:51 PM
New Firefox Vulnerability Exposed	Jimmy 2004	News	11	Feb 27, 2007 08:04 AM