Microsoft experts say the update is not prevalent, but it might propagate soon

May 8, 2013 15:31 GMT

Experts from Microsoft’s Malware Protection Center have found that the developers of the Cool exploit kit have integrated a new exploit into their creation. 

The exploit kit is known for its ability to push malware via Java, Adobe Reader, Flash Player, and Windows kernel-mode vulnerabilities. Recently, however, Cool has been updated to include an exploit for CVE-2012-1876, an Internet Explorer heap overflow vulnerability patched by Microsoft almost one year ago.

“For a while it seemed exploit kit writers were not too interested in this vulnerability, until the Cool EK writers included this exploit in their January update. Cool EK is currently the only kit to include this vulnerability exploit in its arsenal,” Microsoft experts explained.

The use of CVE-2012-1876 in the Cool exploit kit increases the potential pool of victims because the exploit uses a return-oriented programming (ROP) technique that allows it to leverage multiple versions of a DLL.

Currently, this update is not very prevalent, but experts believe it will propagate soon. Users are therefore advised to avoid visiting shady websites and to make sure that their software is always up to date.