Zero-day createTextRange exploit gets an upgrade.
Mar 31 2006 11:52AM
The Metasploit Project has released refined exploit code for the current zero-day createTextRange vulnerability. Previously, an infected browser would consume 100% CPU usage for a significant period of time while the vulnerability was exploited. The exploit attempt would fail if the user closed the frozen browser before the infection had completed. The updated exploit code uses a more sophisticated heap spraying technique to infect the computer faster and without freezing the browser. We expect this new technique to result in an increased use of the exploit and an increase in successful infections.
(Websense Security Labs Blog)
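Additional information
"Click here to read more": beware of fake news e-mails that lure readers to attack sites
http://itpro.nikkeibp.co.jp/article/NEWS/20060403/234362/
Program exploiting an unpatched IE hole appears; Microsoft publishes workarounds
http://itpro.nikkeibp.co.jp/article/NEWS/20060324/233222/
Workarounds for IE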
http://www.microsoft.com/japan/technet/security/advisory/917077.mspx