Latest Internet Explorer Zero Day Exploited In The Wild
Dell Sonicwall Threats Research Team has spotted latest Zero Day that exploits Vulnerability CVE-2014-0322.
The exploit was getting served from an infected website which since has taken down the malicious HTML.
Following shows the structure of the exploit.
Here an ActiveXObject is getting instantiated.
We can see the code for Memory Corruption.
Here function puIHa3 has a check for presence of a DLL followed by reference to swf file.
Also, we can see the exploit specifically checks for the presence of IE 10.
Swf is also responsible for further allocating bytes to carry out successful exploitation.
We have implemented following signatures to detect the attack.
- IPS: 6315 HTTP Client Shellcode Exploit 11a
- IPS: 7454 HTTP Client Shellcode Exploit 35a
- GAV: CVE-2014-0322#swf (Exploit)
- GAV: CVE-2014-0322#html (Exploit)