MSIE 11 RCE Vulnerability found in Hacking Team Data Dump
Another Hacking Team vulnerability found – this time it wasn’t in Flash or Reader, so Adobe gets a day off from bug-fixing (until another bug in their software is found). Today we’re learning that Microsoft Developers will be busy fixing the worst possible kind of vulnerability to be found in a browser – a Remote Code Execution bug – or RCE.
An RCE in your browser means that a crook can fool the browser into skipping all the protection to do with untrusted content or risky behaviors, and then to download a file and to run it on your local machine.
Think of it like this:
Remote: Data that could have come from anywhere and probably was…
Code: …that surreptitiously turns out to be a sequence of commands or program instructions…
Execution: …and gets to run when it shouldn’t, without so much as a “by your leave.”
Typically, you won’t even notice that anything unusual happened, because the RCE usually happens quietly and without meaning to alert you (by design of the malicious software author).
Your browser may freeze or crash, but many exploits are able to manage to sidestep that tell-tale sign, as well.