HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass

Could the latest 0-day used in the wild be stealthier?

The attack discovered last week used two vulnerabilities but it could have been stealthier. A bug was exploited in flash to bypass ASLR and another in IE to gain RCE. ZDI's research proved that the IE bug can be exploited to bypass ASLR+DEP without using a Flash bug.

Labels: 0day| ASLR| DEP| exploit| IE| IE0day| ZDI
Search
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog

Featured


Follow Us
Labels
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.