FireEye Labs has identified a new IE 0day exploit hosted on a breached website based in the US. It’s a brand-new IE 0-day that compromises anyone visiting a malicious website; classic drive-by download attack. The exploit leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution.
Exploitation
The information leak uses a very interesting vulnerability to retrieve the timestamp from the PE headers of msvcrt.dll. The timestamp is sent back to the attacker’s server to choose the exploit with an ROP chain specific to that version of msvcrt.dll. This vulnerability affects Windows XP with IE 8 and Windows 7 with IE 9.