"The vulnerability by itself does not allow arbitrary code to be run. The vulnerability could allow the attacker to access sensitive information from one domain and inject it into another domain. The flaw is an elevation of privilege vulnerability in Internet Explorer that would allow an attacker to trick a victim into visiting a compromised website. The company also pushed out a patch for another critical vulnerability (CVE-2017-0210) under active attack. Patch for Critical IE Flaw Being Exploited in the Wild Microsoft has released a fix for CVE-2017-0199 and credited Hanson with responsible reporting the critical vulnerability to the company. The attack can bypass most exploit mitigations developed by Microsoft, and according to Ryan Hanson of security firm Optiv, in some cases, exploits can execute malicious code even when Protected View is enabled.Īs The Hacker News reported Monday, this code-execution flaw in Microsoft Word was being exploited by hackers to spread a version of infamous Dridex banking trojan.Īlso, according to blog posts published Tuesday by security firms FireEye and Netskope, hackers are exploiting the same Word vulnerability to install Latentbot and Godzilla malware respectively.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |