Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New IE 0-day in the wild

Published: 2018-04-23
Last Updated: 2018-04-23 14:10:40 UTC
by Didier Stevens (Version: 1)
2 comment(s)

Qihoo 360 Technology, a Chinese internet security company, published a report for a new Internet Explorer zero-day exploit it has seen exploited in the wild by an (unmentioned) APT group. Qihoo 360 has reported this to Microsoft on 4/19/2018. We have no news from Microsoft.

The report can be found here (Standard Chinese).

Although the report does not contain much technical details, there is a diagram of the kill chain that we have translated here:

It seems that the initial attack, detected by Qihoo 360, used a Microsoft Office document containing a web page. The vulnerability seems to be in the Internet Explorer engine, and could thus be exploited via any application that uses the IE engine.

We will post more news as it becomes available.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Keywords:
2 comment(s)
ISC Stormcast For Monday, April 23rd 2018 https://isc.sans.edu/podcastdetail.html?id=5965
Diary Archives