
SANS ISC: New IE 0-day in the wild - SANS Internet Storm Center SANS ISC InfoSec Forums


New IE 0-day in the wild

Qihoo 360 Technology, a Chinese internet security company, published a report on a new Internet Explorer zero-day that it has seen exploited in the wild by an (unnamed) APT group. Qihoo 360 reported this to Microsoft on 4/19/2018. We have no news from Microsoft.

The report can be found here (Standard Chinese).

Although the report does not contain many technical details, there is a diagram of the kill chain that we have translated here:

It seems that the initial attack, detected by Qihoo 360, used a Microsoft Office document containing a web page. The vulnerability seems to be in the Internet Explorer engine, and could thus be exploited via any application that uses the IE engine.

We will post more news as it becomes available.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

270 Posts
ISC Handler
Any news on how this might affect Edge?

Thanks,

Martin.
mpearson98

1 Posts
Qihoo's report only mentions IE. We have no news that Edge is affected too.
DidierStevens

270 Posts
ISC Handler
A technical overview of the problem indicated that only IE, not Edge, is susceptible to this vulnerability.
Anonymous
Anyone have CVE on this yet?
Thanks!
Bugbear

8 Posts
