CVE-2013-1347 Microsoft Internet Explorer 8 Vulnerability Metasploit Demo

Timeline : Watering hole campaign first reported on a private mailing list the 2013-04-30 Watering hole campaign publicly disclosed by AlienVault and Invincea the 2013-04-30 0day exploit spotted by FireEye the 2013-05-03 Microsoft Security Advisory posted the 2013-05-03 Metasploit PoC provided … Continue reading →

MS11-080 Microsoft Windows AfdJoinLeaf Privilege Escalation Metasploit Demo

Timeline : Vulnerability reported to Microsoft by Bo Zhou Coordinated public release of the vulnerability the 2011-10-11 Metasploit PoC provided the 2012-10-02 PoC provided by : Bo Zhou Matteo Memelli Spencer McIntyre Reference(s) : MS11-080 CVE-2011-2005 Affected version(s) : Windows … Continue reading →

MS12-063 Out-of-Band Microsoft Security Update for Internet Explorer Fix 0day

Microsoft has release, the 21 September 2012, as planned in his “Microsoft Security Bulletin Advance Notification for September 2012“, one security bulletin MS12-063 in order to fix multiple 5 security vulnerabilities, including the 0day vulnerability I discovered last … Continue reading →

CVE-2012-4969 Microsoft Internet Explorer execCommand Vulnerability Metasploit Demo

Timeline : Vulnerability found exploited in the wild and discovered by Eric Romang First details of the vulnerability the 2012-09-14 Advanced details of the vulnerability provided by binjo the 2012-09-16 Metasploit PoC provided the 2012-09-17 PoC provided by … Continue reading →

Zero-Day Season Is Really Not Over Yet

I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild. First … Continue reading →