Neutrino EK adopts new exploit after open source POC release


The Neutrino exploit kit (EK) has added a former Internet Explorer zero-day vulnerability to its arsenal.

The vulnerability, CVE-2016-0189, is a scripting engine remote memory corruption affecting the IE browser on Windows 10 that was patched on May 10.

The vulnerability was originally exploited in targeted attacks on South Korean users in order to achieve remote code execution (RCE), according to a May 10 Symantec blog post.

On June 22, after attackers had used the zero-day, a group of security researchers published proof-of-concept source code for an exploit of the vulnerability, according to a July 14 FireEye blog post.

The Neutrino EK embedded exploits for five rated vulnerabilities, three for Adobe Flash Player and two for IE, with CVE-2016-0189 being the latest addition. It is possible that attackers can repurpose the attack for earlier versions of Windows, FireEye researchers said.
