Security researches FireEye found two new Internet Explorer exploits. This exploit affects Internet Explorer 7, 8, 9, 10 runnning on Windows XP or 7. Researches said that this compromises anyone visiting a malicious website in a classic drive-by-download attack.
Researches have found that attackers inserted this zero-day exploit into an important website. This is a classic waterhole attack in which attackers have compromised a website known to draw visitors who are likely interested in national and international security policy.
They also found that the malicious payload loads directly to the computer’s memory, bypassing the hard disk. This “diskless” threat is difficult for defenders to protect against such threats. However, rebooting the computer will also remove the malicious payload as it is loaded only in the memory (RAM).
Two zero-days exploit on Internet Explorer come also that exploit a graphics component in IE.
The vulnerability (CVE-2013-3906) is in the Tiff graphics format used in Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010 and Microsoft Lync.
Windows XP users should update their operating system as Microsoft will end support for Windows XP on April 2014.