Log in

View Full Version : Critical Internet Explorer 11 Vulnerability Identified After Hacking Team Breach

July 15th, 2015, 20:44
After analyzing the leaked data from last week's attack on Hacking Team (http://it.slashdot.org/story/15/07/07/1355223/hacking-team-scrambling-to-limit-damage-brought-on-by-explosive-data-leak), Vectra researchers discovered a previously unknown high severity vulnerability in Internet Explorer 11 (http://blog.vectranetworks.com/blog/microsoft-internet-explorer-11-zero-day), which impacts the browser on both Windows 7 and Windows 8.1. The vulnerability is an exploitable use-after-free (UAF) vulnerability that occurs within a custom heap in JSCRIPT9. Since it exists within a custom heap, it can allow an attacker to bypass protections found in standard memory. Microsoft has published a patch for this vulnerability, and also patched another one pulled from the Hacking Team files (http://arstechnica.com/security/2015/07/ms-kills-critical-ie-11-bug-after-exploit-was-shopped-to-hacking-team/) by different security researchers.
