Hey there! Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 09 November 2013 - 10:37 AM
FYI...
New IE 0-Day vuln exploiting msvcrt.dll - https://isc.sans.edu...l?storyid=16985 Last Updated: 2013-11-09 13:41:19 UTC - "FireEye Labs has discovered an "exploit that leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution." [1] Based on their analysis, it affects IE 7, 8, 9 and 10. According to Microsoft, the vulnerability can be mitigated by EMET.[2][3] Additional information on FireEye Labs post available..."
Edited by AplusWebMaster, 09 November 2013 - 11:09 AM.
.The machine has no brain.
......... Use your own.
Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Interests:... The never-ending battle for Truth, Justice, and the American way.
Posted 11 November 2013 - 07:28 PM
FYI...
IE 0-Day vuln exploiting msvcrt.dll ...
- https://isc.sans.edu...l?storyid=16985
Last Updated: 2013-11-11 23:41:53 UTC ... Version: 3 - "... Update: FireEye Labs provided additional information on the recently discovered IE zero-day exploit that is currently in the wild and has been named Trojan.APT.9002 (aka Hydraq/McRAT variant). They have published additional information on the Trojan that only runs in memory and leave very little artifacts that can help identify infected clients. Additional information about the Trojan can be found here(1) which also includes a list of domains, MD5 hash and User-Agent information.
Update 2: Microsoft is releasing tomorrow a fix for this vulnerability* (CVE-2013-3918) affecting Explorer ActiveX Control as "Bulletin 3" as MS13-090 listed in the November Microsoft Patch Tuesday Preview**..."
1) http://www.fireeye.c...ess-method.html
- https://blogs.techne...Redirected=true
7 Nov 2013 - "... this release won’t include an update for the issue first described in Security Advisory 2896666..."
Edited by AplusWebMaster, 29 November 2013 - 10:50 PM.
.The machine has no brain.
......... Use your own.
Browser check for updateshere.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
