The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Internet Explorer Exploit

Microsoft Issues Emergency Patch For Under-Attack IE Zero Day

Microsoft Issues Emergency Patch For Under-Attack IE Zero Day

December 19, 2018Swati Khandelwal
Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers. Discovered by security researcher Clement Lecigne of Google's Threat Analysis Group, the vulnerability, tracked as CVE-2018-8653, is a remote code execution (RCE) flaw in the IE browser's scripting engine. According to the advisory, an unspecified memory corruption vulnerability resides in the scripting engine JScript component of Microsoft Internet Explorer that handles execution of scripting languages. If exploited successfully, the vulnerability could allow attackers to execute arbitrary code in the context of the current user. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change,
Microsoft Internet Explorer Universal Cross-Site Scripting Flaw

Microsoft Internet Explorer Universal Cross-Site Scripting Flaw

February 04, 2015Swati Khandelwal
A serious vulnerability has been discovered in all the latest versions of Microsoft's Internet Explorer that allows malicious hackers to inject malicious code into users' websites and steal cookies, session and login credentials. UNIVERSAL XSS BUG WITH SAME ORIGIN POLICY BYPASS The vulnerability is known as a Universal Cross Site Scripting (XSS) flaw. It allows attackers to bypass the Same-Origin Policy, a fundamental browser security mechanism, in order to launch highly credible phishing attacks or hijack users' accounts on any website. The Same Origin Policy is one of the guiding principles that seek to protect users' browsing experience. SOP actually prevents one site from accessing or modifying the browser properties, such as cookies, location, response etc, by any other site, ensuring that no third-party can inject code without the authorization of the owner of the website. DEMONSTRATION Recently, a proof-of-concept exploit published by a group, known as Deusen, sho
New Zero-Day Vulnerability CVE-2014-1776 Affects all Versions of Internet Explorer Browser

New Zero-Day Vulnerability CVE-2014-1776 Affects all Versions of Internet Explorer Browser

April 27, 2014Mohit Kumar
Microsoft confirmed a new Zero Day critical vulnerability in its browser Internet Explorer . Flaw affects all versions of Internet Explorer, starting with IE version 6 and including IE version 11. In a Security Advisory ( 2963983 ) released yesterday, Microsoft acknowledges a zero-day Internet Explorer vulnerability ( CVE-2014-177 6) is being used in targeted attacks by APT groups, but the currently active attack campaigns are targeting IE9, IE10 and IE11. INTERNET EXPLORER 0-DAY VULNERABILITY (CVE-2014-1776) According to Advisory, Internet Explorer is vulnerable to Remote Code Execution, which resides ' in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. ' Microsoft said. Microsoft Investigation team is currently working with FireEye Security experts, and dubbed the ongoing targeted campaign as " Operation Clandestine Fox ". In a blogpost , FireEye explained that an attacker c
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.