Internet Explorer ‘Unicorn’ bug being exploited in the wild

JMH

Unicorn is the name given to a bug found in Internet Explorer which allows an attacker to execute code remotely on the targeted victim’s machine. This vulnerability, known as CVE-2014-6332 and discovered by an IBM X-Force security researcher, is significant because it exploits an old bug present in Internet Explorer versions 3 through 11. In other words, unless you are using an ancient system from the 80’s, your PC is vulnerable and you are advised to update your Windows right now. Not only can the vulnerability be used by an attacker to run arbitrary code on a remote machine, but it can also bypass the Enhanced Protected Mode (EPM) sandbox in IE11 as well as Microsoft’s free anti-exploitation tool, the Enhanced Mitigation Experience Toolkit (EMET).

Attack Detailed

The proof of concept for this vulnerability was made public sometime last week. Since the flaw is in Internet Explorer, an attacker only needs a website to target potential victims. ESET said, “Scouring our data, we found several blocked exploitation attempts while our users were browsing a major Bulgarian website. As you might have guessed, the compromised website was using CVE-2014-6332 to install malware on the computers of its unsuspecting visitors.”