Zero-day exploit hits Internet Explorer 8

BitDefender issues emergency update to block malicious code execution on targeted systems

Australia & New Zealand – January 18, 2010 – BitDefender^®, an award-winning provider of innovative anti-malware security solutions, today warns of a critical zero-day exploit targeting Internet Explorer. BitDefender has issued an emergency update that intercepts and blocks the malicious code before it impacts the targeted system.

The Internet Explorer zero-day exploit, also known as CVE-2010-0249, takes advantage of a memory corruption vulnerability affecting all versions of Internet Explorer with the exception of Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000. According to preliminary reports, this vulnerability has already been used in targeted attacks against 34 major corporations, including Google and Adobe.

The exploit tricks Internet Explorer into allowing remote code execution, by accessing an invalid pointer after an object is deleted. An attacker may use email spam, social networking spam, or any other means of mass distribution to lure users into visiting the compromised resource. As soon as the document is processed, the malicious code injected into it would run in the context of the current user and would likely compromise the system. If the exploit fails, the attack would then trigger a denial-of-service condition.

A second vulnerability – known as CVE-2009-4324 – affects Adobe Reader, as well as Acrobat 9.2 and earlier versions. Successful exploitation could allow a remote party to execute arbitrary code on the infected machine, as well as carrying out cross-site scripting attacks.

The vulnerability exploits an error in the implementation of the Doc.media.newPlayer() JavaScript method, which is likely to corrupt memory when a specially crafted PDF file is run. Initially discovered on December 14, the vulnerability is still being exploited in the wild. BitDefender users have been protected since day zero, with proactive detection for the entire family of Trojans exploiting the PDF vulnerability issued.

In order to stay safe, BitDefender recommends the use of anti-malware suites with anti-virus, anti-spam, anti-phishing and firewall protection, whilst exercising particular caution when prompted to open files from unfamiliar locations.