Security Research

Re: Microsoft IE zero day and recent exploitation trends (CVE-2014-1776)

Matt_Oh

@anonymous321: At the time of writing, it was assumed that the vulnerability was related to VGX.DLL. You can now view this blog as more of a VGX.DLL patch history. The Flash component was not under consideration when we worked on this material.

Also, ZDI data and even VGX.DLL vulnerability type data show that use-after-free is dominant these days. The original intention of the material was emphasising the trend of the dominant vulnerability type changing. In that sense the blog serves its purpose.

 

Thanks.

About the Author

Matt_Oh

Twitter: @ohjeongwook

Comments
Anonymous123

This vulnerability isn't in VGX.DLL, though. You may wish to reconsider this entry.

Matt_Oh

@Anonymous123: Yes, we got to know that after we worked on our post. Just for the record, more details can be found here: http://blogs.technet.com/b/srd/archive/2014/04/30/protection-strategies-for-the-security-advisory-2963983-ie-0day.aspx

anonymous321

What about the discussion of the flash component? Is this blog post even remotely related to CVE-2014-1776?

