Internet Explorer 'Nitro' Zero Day - September 2012


This video describes CVE-2012-4681, vulnerability in Internet Explorer that was discovered and exploited by the Nitro gang (and which was a zero-day vulnerability at the time of discovery). The vulnerability leverages "use-after-free" to implement a heap spray and eventually drops a payload such as Poison Ivy onto a vulnerable system. Video by Dr. Zulfikar Ramzan, Sourcefire's Chief Scientist in the Cloud Technology Group.

RunTime - 9:14

Uploaded - 10 Apr 2013


©2014 Cisco and/or its affiliates. All rights reserved.