Security Advisory - September 18, 2012

Zscaler Deploys Protections to Combat Exploitation of 0Day Vulnerability in Internet Explorer

Zscaler has deployed various protections to combat the exploitation of a 0day vulnerability in versions of the Microsoft Internet Explorer web browser.  Targeted attacks have been identified in the wild, but exploitation is likely to broaden now that public exploit code and a Metasploit module are available.  Microsoft has issued an advisory that includes recommended work-arounds and mitigations, such as deploying the Enhanced Mitigation Experience Toolkit (EMET).  Zscaler will continue to monitor exploits associated with this vulnerability and deploy additional protections as necessary.

Microsoft Security Advisory (2757760) – Vulnerability in Internet Explorer Could Allow Remote Code Execution

Severity: Critical
Affected Software

  • Microsoft Internet Explorer 6
  • Microsoft Internet Explorer 7
  • Microsoft Internet Explorer 8
  • Microsoft Internet Explorer 9

CVE-2012-4969 - Use-after-free vulnerability in the CMshtmlEd:Exec function

Description: A use-after-free vulnerability exists in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allowing remote attackers to execute arbitrary code via crafted a web site.

Additional References:

http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/

https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit