News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About
The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot your password?

State-sponsored attackers likely used IE hole to target Gmail accounts

2012.06.14 08:18 by Daniela
Tags: Gmail, IE

 

Microsoft and Google have warned about a new Internet Explorer zero-day being exploited to break into GMail accounts. The issue first started to crop up last week at which time, Gmail users that had their accounts breached, were given an alert message upon signing into their account stating that they were potentially a victim of "state sponsored attackers" who were trying to gain access to their gmail account.

The browser flaw, which is currently unpatched, expose Windows users to remote code execution attacks with little or no user action (drive-by downloads if an IE users simply surfs to a rigged site):

"The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user."

In its security advisory on the issue, Microsoft acknowledges the Google Security Team for working with the company on the MSXML Uninitialized Memory Corruption Vulnerability. Microsoft also thanks a Chinese security team, Qihoo 360 Security Center, for reporting the vulnerability.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
comment discuss top

exec. time: 0.00572 s
Copyright © 1998-2014 Speed Guide, Inc. All rights reserved.
Terms of Use | Privacy Policy