Microsoft’s legacy browser, Internet Explorer may flinch you at a Gordian knot. The booby-trapped browser is cursed with remote code execution vulnerability that allows threat actors to execute arbitrary code in the context of the user.
The remote code execution IE Zero-day vulnerability in Internet Explorer scripting engine allows threat actors to execute arbitrary code in the context of the user. Manipulators who successfully exploited the IE Zero-day vulnerability could leverage the security privileges of the logged in user & execute malevolent code to corrupt system memory. In other words, if you are logged on with administrative user rights, this vulnerability could be exploited to take full control of an affected system.
- Deploy malicious code on a user’s system.
- Install malicious programs.
- View, change or delete data
- Create new accounts with full user rights
This Zero-day vulnerability is tracked as CVE-2018-8653 & can further be exploited in the following ways:
- In Web-based scenarios, attackers could host especially crafted malicious sites designed to exploit vulnerability via Internet Explorer. Innocent users can then be lured to visit the contagious sites via ads or booby-trapped emails. The embedded malefic script in the corrupt site, in turn, may infect a user‘s system.
- Threat actors can also make hay of the Applications that embed the IE scripting engine to render web-based content to vitiate user system. Examples of such apps include – applications that are part of the Office suite.
To Read more Click here
No comments:
Post a Comment