New exploit for recent Internet Explorer hole
Security expert Peter Vreugdenhil from Exodus Intelligence says that the recent temporary fix Microsoft released to patch a memory error in Internet Explorer can be bypassed using a new technique. Versions 6 to 8 of the browser are affected.
The company hasn't released any details concerning the new exploit. Kaspersky's threatpost news service quoted a company executive as saying: "Usually, there are multiple paths one can take to trigger or exploit a vulnerability. The 'Fix It' did not prevent all those paths."
Microsoft says it is working on a patch for the hole, but it won't be part of this Tuesday's scheduled updates. In the meantime, IE users can implement one of Microsoft's other suggested measures by, for example, installing and configuring EMET, the Enhanced Mitigation Experience Toolkit. An alternative is to switch to a more recent version of IE or to a different browser.
Exodus provides a detailed analysis of the hole and the earlier attack vectors in another blog post. Apparently, the issue is caused by a deallocated memory area being reused. The blog post then demonstrates how to manipulate the CPU's Extended Instruction Pointer (EIP) in such a way that it points to arbitrary code. The hole has already been exploited in compromised web pages, making them deploy malicious code on visitors' computers.