Four IE browser 0day vulnerability is released-vulnerability warning-the black bar safety net

2015-07-25T00:00:00
ID MYHACK58:62201565060
Type myhack58
Reporter 佚名
Modified 2015-07-25T00:00:00

Description

Hewlett-Packard's Zero-Day Initiative (ZDI)team has published four against Microsoft IE browser 0day vulnerabilities, these vulnerabilities can cause the victim host to be the remote execution of malicious code. All four of these vulnerabilities were reported to Microsoft, was originally for the desktop in the IE browser, but after the discovery of these vulnerabilities also affect Windows Phone in the system IE. These four vulnerabilities are affecting the browser of the different components, are available through the"forced download"attack to be used. Vulnerability description The following is the four vulnerabilities: ZDI-1 5-3 5 9: AddRow out of bounds memory read vulnerability ZDI-1 5-3 6 0: Use-After-Free remote code execution vulnerability ZDI-1 5-3 6 1: Use-After-Free remote code execution vulnerability ZDI-1 5-3 6 2: Use-After-Free remote code execution vulnerability Four vulnerabilities, the most dangerous one is the AddRow out of bounds memory read vulnerability, which affects IE handled certain arrays. Zero Day Initiative team in an announcement wrote: "This vulnerability is related to IE handling the HTML table cell array of the way, through the manipulation of document elements, an attacker can force IE out of bounds access to the HTML cells of the array, in the current process under execution code." Another bug is on IE processing CAttrArray object. By manipulating document elements, an attacker could exploit this vulnerability forced to re-use an already released memory of hanging pointers, so on the target machine to execute malicious code. While the other two vulnerabilities are very similar, resulting in the IE handling CTreePos and CCurrentStyle object in the process. Currently Microsoft has to repair the desktop in IE browser vulnerabilities, but in Internet Explorer mobile version the problem still exists.