Fresh IE9 exploit: details

From translator

In a recent IE9 error post, a 0-day vulnerability is remembered. I was interested in this information, and I tried to find out some details. The result was the next translation. I find it difficult to give an exact link to the description of a specific vulnerability; those who want more detailed information can find it on the Vupen website .

New IE9 exploit

The new IE9 exploit bypasses all security tools even in the latest version of Windows 7 with all the updates, according to the French company Vupen, specializing in information security.

The exploit uses an unclosed ( 0-day ) vulnerability in IE9 and bypasses all the special security features of Windows 7. The latest version of the Microsoft operating system is vulnerable, with the first service pack installed and all updates installed. The vulnerability was discovered by the French company Vupen, which also discovered a vulnerability in IE8 last December.

Vupen finds this vulnerability serious enough to be used for cyber attacks and launching arbitrary malicious code on Windows 7 computers. The exploit manages to bypass the additional security layers provided by Windows, such as ASLR , DEP and protected sandbox in IE9.
')
“The exploit exploits two different vulnerabilities. The first allows you to execute arbitrary code in the IE9 sandbox. The second allows you to bypass the sandbox to allow full code execution, ”said Vupen’s CEO Chaoki Bekra in an interview with the Danish Webwereld website.

However, the risk from this exploit is limited: the exploit code was not freely available. Vulnerabilities were discovered by Vupen researchers, and the exploit itself was prepared by them. "We have confirmed that vulnerabilities can be used to create an exploit, and we have created an exploit that allows the execution of arbitrary code that works in IE9 under Windows 7 and Windows 7 SP1," said Becker.

He also noted that the vulnerabilities were not publicly disclosed: “access to our code and the results of the in-depth vulnerability analysis is limited to our government clients who use this information to protect their infrastructure.”

Currently, IE9 is not being used massively by either governments or companies. However, the vulnerability is not limited to the latest version of the Microsoft browser. The security hole is also present in IE8, 7 and 6, for which Vupen has not yet made a ready exploit.

The error concerns Internet Explorer versions 9, 8, 7 and 6, and is due to the “use memory after it is released” logic in the mshtml.dll library when processing a specific combination of HTML and JavaScript. Vupen recommends that all IE users turn off JavaScript or use another browser that is not affected by this vulnerability.

The Vupen exploit code is only effective in IE9, which runs on Windows 7 and Vista. IE9 was released relatively recently, and is not distributed through Windows Update. Microsoft plans to include it in updates in the coming weeks. The specific date of widespread browser is not yet known.

IE9 currently uses 3.6 percent of Windows 7 users, based on NetApplications statistics. Windows 7 as such has about 25% of the market. So far, Windows XP has a wider user base.

According to the same data, among all PC users, IE9 use about 1.04 percent. The competing statistics service StatCouner does not even single out IE9 as a separate browser in its review of market distribution, categorizing it as “the rest.”