Indian News

After the  last zero day exploit on Java  we reported some weeks ago it appears that a new 0day has been found in Internet Explorer by the same authors that created the Java one. Yesterday,  Eric Romang  reported the findings of a new exploit code on the same server that the Java 0day was found some weeks ago. The new vulnerability appears to affect Internet Explorer 7 and 8 and seems to be exploitable at least on Windows XP. The exploit code found in the server works as follow: - The file exploit.html creates the initial vector to exploit the vulnerability and loads the flash file Moh2010.swf. - Moh2010.swf is a flash file encrypted using  DoSWF .  We’ve seen the usage of DoSWF in the exploit code of other targeted attacks such as: -  Several Targeted Attacks exploiting Adobe Flash Player (CVE-2012-0779) The Flash file is in charge of doing the heap spray. Then it loads Protect.html Due to the usage of DoS