IE 7,8,9 0day in the wild – Microsoft Security Advisory (2757760) – CVE-2012-4969


Just after the Java 7 0day CVE-2012-4681, another 0day exploit, this time for Internet Explorer 7, 8 and 9 (CVE-2012-4969), has been found in the wild, actively used in targeted attacks.

New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7

The said exploit, used by the Nitro Gang, has just made its way into the Metasploit module base. You can get more details in the Metasploit blog. The exploit, which affects Internet Explorer 7, 8 and 9 on Windows XP, Vista and 7, can compromise the system just by visiting a malicious website. As per the Microsoft Security Advisory, IE10 on Windows 8 is not exploitable. It seems that the bug has already been patched in IE10 but has not yet been back-ported to older versions.

Microsoft is yet to roll out a patch for the bug. There is a security advisory at http://technet.microsoft.com/en-us/security/advisory/2757760. A comprehensive security update is to be released on Friday.

The Microsoft Security Response Center advises to,

Also, disable Java until a fix appears from Microsoft, since the Metasploit module needs Java on the victim side to exploit the vulnerability.

If you are looking for more details, see the blog post http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/. The vulnerability, explained as ‘Microsoft Internet Explorer execCommand Vulnerability’ in the later post http://eromang.zataz.com/2012/09/17/microsoft-internet-explorer-execcommand-vulnerability-metasploit-demo/, seems to be a good weapon in the botmakers’ arsenal to compromise more and more systems for blasting out more spam mails.

For more details visit,

Also, please read this post on krebsonsecurity.com if you are really an IE user.

UPDATE: An update has been issued by MSRC promising a “Fix it” in the next few days; read the update in Additional information about Internet Explorer and Security Advisory 2757760.

UPDATE: As promised, Microsoft has released an immediate ‘Fix it’ to address the issue. For more information read the MSRC update here http://blogs.technet.com/b/srd/archive/2012/09/19/more-information-on-security-advisory-2757760-s-fix-it.aspx. Download the ‘Fix it’ from the Microsoft Support Center http://support.microsoft.com/kb/2757760

Notes from the Support Center:

  • For computers that are running 64-bit operating systems, the following Fix it solution only applies to 32-bit versions of Internet Explorer.
  • Before you apply this Fix it solution, you must ensure that Internet Explorer is fully updated by using the Windows Update service.

UPDATE: It seems that the ‘Fix it’ expects mshtml.dll with the latest patch; otherwise the fix won't work. So make sure the box is fully patched before applying the fix for KB2757760, and then test with the Metasploit module.
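A pre-flight check for the two Support Center notes above (64-bit caveat, fully patched mshtml.dll) and the Java recommendation earlier in the post, written as an added PowerShell example that is not from the original post or from Microsoft. The minimum mshtml.dll version is a placeholder parameter, since the post states no version number; the registry paths are the standard IE and Java Runtime locations.

```powershell
# Added example, not from the original post. Run before applying the KB2757760 Fix it.
param(
    # PLACEHOLDER (assumption): set this to the mshtml.dll build shipped by the
    # current cumulative IE update; the post does not give a version number.
    [Version]$MinimumMshtmlVersion = [Version]'0.0.0.0'
)

$ieVersion = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' `
    -ErrorAction SilentlyContinue).Version
Write-Output "Internet Explorer version: $ieVersion"

# Support Center note 1: on 64-bit Windows the Fix it only covers 32-bit IE,
# whose rendering engine lives in SysWOW64, so inspect both copies.
$is64Bit = Test-Path "$env:windir\SysWOW64"
$dllPaths = @("$env:windir\System32\mshtml.dll")
if ($is64Bit) {
    $dllPaths += "$env:windir\SysWOW64\mshtml.dll"
    Write-Output 'NOTE: 64-bit OS detected; the Fix it applies to 32-bit IE only.'
}

# Support Center note 2: the Fix it expects a fully patched mshtml.dll.
foreach ($path in $dllPaths) {
    if (-not (Test-Path $path)) { Write-Output "MISSING: $path"; continue }
    $info = (Get-Item $path).VersionInfo
    $ver  = New-Object Version $info.FileMajorPart, $info.FileMinorPart,
                               $info.FileBuildPart, $info.FilePrivatePart
    if ($ver -lt $MinimumMshtmlVersion) {
        Write-Output "OUTDATED: $path is $ver (need $MinimumMshtmlVersion); run Windows Update first."
    } else {
        Write-Output "OK: $path is $ver"
    }
}

# Interim mitigation from the post: the Metasploit module relies on Java on the
# victim, so flag any installed Java Runtime so the operator can disable it.
$javaKeys = @('HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment')
if ($is64Bit) { $javaKeys += 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment' }
foreach ($key in $javaKeys) {
    if (Test-Path $key) {
        $jre = (Get-ItemProperty $key -ErrorAction SilentlyContinue).CurrentVersion
        Write-Output "WARNING: Java Runtime $jre installed ($key); disable it in IE until patched."
    }
}
```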

UPDATE: Microsoft releases MS12-063 – Cumulative Security Update for Internet Explorer.
