South Korea victim of Internet Explorer zero-day vulnerability

May 11, 2016
[link to www.zdnet.com]
Security firm Symantec has reported that South Korea has been affected by targeted attacks that exploited an Internet Explorer zero-day vulnerability.


Research from Symantec has revealed that the Internet Explorer Scripting Engine Remote Memory Corruption Vulnerability was used in targeted attacks in South Korea.
----------------------------------------------------------

[link to www.symantec.com]

Microsoft has patched an Internet Explorer zero-day vulnerability (CVE-2016-0189), which was exploited in targeted attacks in South Korea.


In 1999, South Korea introduced a law that required online vendors to adopt Microsoft ActiveX to use the region’s SEED cipher for transactions. Internet Explorer is the only browser to support ActiveX. While South Korea has since planned to scrap this regulation, the region is still heavily dependent on this web browser.

This threat is just one of the many zero-day attacks that have affected South Korea. For example, last year, attackers used a well-designed threat known as Backdoor.Duuzer to target South Korean organizations. They spread Duuzer variants through zero-day exploits for the South Korean word processor Hangul.

Last Edited by T4 Nanobot on 05/12/2016 01:30 AM