Disdain EK

A new exploit kit (EK) named “Disdain” has been observed in the wild. The EK targets Windows vulnerabilities. Initially the presence of this EK was found in underground forums as an ad and was brought to light on twitter by @CryptoInsane. The EK can be rented for as low as 80$. Disdain claims to exploit … Continue reading “Disdain EK”

Microsoft Edge and Internet Explorer Type Confusion Zero Day Vulnerability

Introduction: Google Project Zero recently disclosed an unpatched vulnerability that affects Microsoft Edge and Internet Explorer. This vulnerability is tracked as CVE-2017-0037. The disclosed PoC only demonstrates DoS attack on the target, but arbitrary code execution could also be possible. A PoC for the same is also available here. Exploit: The CVE-2017-0037 vulnerability, so-called ‘type … Continue reading “Microsoft Edge and Internet Explorer Type Confusion Zero Day Vulnerability”