Unicorn is the name given to a bug found in Internet Explorer which allows an attacker to execute code remotely on the targeted victim’s machine. This vulnerability, known as CVE-2014-6332 and discovered by an IBM X-Force security researcher, is significant because it exploits an old bug present in Internet Explorer versions 3 through 11. In other words, unless you are using an ancient system from the 80’s, your PC is vulnerable and you are advised to update your Windows right now. Not only can an attacker use the vulnerability to run arbitrary code on a remote machine, it can also bypass the Enhanced Protected Mode (EPM) sandbox in IE11 as well as Microsoft’s free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET).
Attack Detailed
The proof of concept of this vulnerability was made public some time last week. Since the flaw is in Internet Explorer, an attacker only needs a website to target potential victims. ESET said, “Scouring our data, we found several blocked exploitation attempts while our users were browsing a major Bulgarian website. As you might have guessed, the compromised website was using CVE-2014-6332 to install malware on the computers of its unsuspecting visitors.”
The website in question is a news agency and carries articles on some reality show winners. Ranked among the 50 most visited websites in Bulgaria and among the first 11,000 worldwide according to the Alexa Internet website ranking site, it might just be part of the first significant in-the-wild use of this vulnerability. So far, only one page on the website has been seen to be compromised and serving this exploit, possibly indicating a testing phase.
Full Article