Critical bug allows drive-by download attacks in Internet Explorer 3 through 11

Share this…

In its latest Patch Tuesday, Microsoft fixed a criticalvulnerabilitythat has existed since Windows 95 and affects Internet Explorer 3 all the way up to Internet Explorer 11. The bug, which comes from an old Windowslibrary, could allow an attacker to remotely compromise a computer via a drive-by download attack.

Critical bug allows drive-by download attacks in Internet Explorer 3 through 11

The flaw was originally discovered by researchers at IBM X-Force in May 2014, and has been assignedCVE-2014-6332with a CVSS score (severity index) of 9.3. Not only is the scope of this vulnerability extremely wide, but it is also capable of “sidestepping the Enhanced Protected Mode (EPM) sandbox in IE 11 as well as the highly regarded Enhanced Mitigation Experience Toolkit (EMET) anti-exploitation tool” according toRobert Freeman, Manager, IBM X-Force Research.

Source:https://www.hackbusters.com/news/stories/163889-critical-bug-allows-drive-by-download-attacks-in-internet-explorer-3-through-11