An older exploit targeting an Internet Explorer use-after-free (UAF) vulnerability has been modified by attackers and, worse yet, added to a popular exploit kit (EK).
Dan Caselden, a senior malware researcher at FireEye, blogged about the development on Friday, revealing that the IE exploit, first demonstrated by k33nteam in October, had caught the attention of exploit authors.
Caselden added that the bug (patched by Microsoft’s MS14-056 bulletin) is now exploitable via a modified attack which can beat Memory Protection (MemProtect), a mitigation introduced by Microsoft last July that helps deflect attacks leveraging use-after-free vulnerabilities.
Researchers spotted the IE attack in the wild, because the exploit had been added to the Angler EK.
“Thankfully, the exploitation technique does not include a generic bypass for MemProtect,” Caselden wrote, adding that the UAF bug had a MSHTML!CTitleElement that MemProtect “was not designed to mitigate.”