In 2014, Microsoft introduced heap corruption mitigations into Internet Explorer (IE), such as an isolated heap for certain objects, and a delayed free (collectively referred to as MEMPROTECT). While the mitigations are not unbeatable, they increased the difficulty for exploit authors developing new IE exploits as evidenced by the absence of new IE exploits discovered in the wild.
k33nteam demonstrated a method for exploiting a certain use-after-free (UAF) vulnerability in the presence of IE’s MEMPROTECT mitigations in their blog (http://k33nteam.org/blog-4-use-after-free-not-dead-in-internet-explorer-part-1.htm) back in October. The vulnerability was patched in Microsoft’s October release MS14-056.
The Angler Exploit Kit (EK) recently implemented a modified version of k33nteam’s exploit targeting the same patched vulnerability. This is interesting because it is the first instance we’ve seen of an attack in the wild targeting IE deployments that are using Microsoft’s new MEMPROTECT mitigations. It shows that exploit authors are still interested in attacking IE.
more here.........https://www.fireeye.com/blog/threat-research/2015/02/angler_exploit_kitu.html
k33nteam demonstrated a method for exploiting a certain use-after-free (UAF) vulnerability in the presence of IE’s MEMPROTECT mitigations in their blog (http://k33nteam.org/blog-4-use-after-free-not-dead-in-internet-explorer-part-1.htm) back in October. The vulnerability was patched in Microsoft’s October release MS14-056.
The Angler Exploit Kit (EK) recently implemented a modified version of k33nteam’s exploit targeting the same patched vulnerability. This is interesting because it is the first instance we’ve seen of an attack in the wild targeting IE deployments that are using Microsoft’s new MEMPROTECT mitigations. It shows that exploit authors are still interested in attacking IE.
more here.........https://www.fireeye.com/blog/threat-research/2015/02/angler_exploit_kitu.html