Microsoft Windows IE Vulnerability attacks spotted in the wild
Dell Sonicwall Threats Research team has found Internet Explorer vulnerability (CVE-2013-2551) still being exploited in the wild.
This use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code
via a crafted web site that triggers access to a deleted object.
This vulnerability has already been patched.
Following is an in-depth analysis of the attack.
Below is the crash code:
Due to this vulnerability attacker is able to control data in memory. In this case its from address 0x0c0c0c0c
The crash point:
We can see how the ROP Chain translates into memory
The stack trace:
We can see how the memory 0x0c0c0c0c is being written into.
Dell SonicWALL protects against this threat with the following signatures: