Microsoft released an advisory last weekend on a new IE (Internet Explorer) zero-day in the wild, CVE-2014-1776. It is believed that the attack took the form of spear phishing. The vulnerable component is VGX.DLL, which is used for VML (Vector Markup Language) rendering in IE. IE 6 to IE 11 are vulnerable and, according to a report from FireEye, the exploit found in the wild was targeting IE 9 to IE 11. While no further technical detail on the vulnerability is publicly available at this time (except that the vulnerability type is use-after-free), I thought that looking back at recent exploitation trends for the vulnerable component (VGX.DLL) would be interesting. And indeed, VGX.DLL has a history of exploitation going back to 2006.
Table 1 shows a summary of recent vulnerabilities related to VGX.DLL.
More here: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Microsoft-IE-zero-day-and-recent-exploitation-trends-CVE-2014/ba-p/6461820#.U2FBZvldWSo