- SandboxEscaper uncovered a zero-day vulnerability in the Windows Error Reporting service dubbed ‘AngryPolarBearBug2’.
- The researcher also published a demo exploit code for a zero-day vulnerability impacting Internet Explorer 11.
A security researcher who goes under the name ‘SandboxEscaper’ has published the demo exploit code for two Microsoft zero-day vulnerabilities.
The first vulnerability is found in the Windows Error Reporting service and the second vulnerability in Internet Explorer 11.
What is the AngryPolarBearBug2 vulnerability?
SandboxEscaper uncovered a zero-day vulnerability in the Windows Error Reporting service dubbed ‘AngryPolarBearBug2’.
- The vulnerability can be exploited via a carefully placed DACL (discretionary access control list) operation.
- Once exploited, it could allow an attacker to edit files.
- However, the researcher noted that it takes over 15 mins for the bug to trigger.
Internet Explorer vulnerability
The researcher also published a demo exploit code for a zero-day vulnerability impacting Internet Explorer 11.
- This zero-day vulnerability could allow attackers to inject malicious code in Internet Explorer.
- Another security researcher who reviewed the exploit noted that this bug is not remotely exploitable and should be considered a low-impact issue.
SandboxEscaper promised to release two more Microsoft zero-day vulnerabilities in the coming days.
Publisher
/https://cystory-images.s3.amazonaws.com/shutterstock_510253828.jpg)
/https://cystory-images.s3.amazonaws.com/shutterstock_352324304.jpg)
