Saturday, March 22, 2014

Attacks on different versions of Internet Explorer (IE)

I had an interesting case study recently where I was trying to determine unique vulnerabilities (with CVE reference) in different versions of IE targeted or exploited by attackers or malware.

To achieve this task, Hook Analyser 3.1 (in development stage) came out to be quite handy. I was able to identify different CVEs used/targeted by malware or exploited in wild.



In the case study, I took IE9, IE10 and IE11.

I noticed that IE10 or above are less targeted compared to IE9.

This can be due to enhanced security features on IE10 or above such as memory ASLR.

No comments:

Post a Comment