ITBusinessEdge: Hackers Get Easy Access To New Unpatched Zero-Day Exploit
CVE-2010-3962 is a known Zero-Day exploit that hackers can use to take over your computer for various criminal purposes. What’s changed is that it’s now showing up in the Eleonore hacker toolkit, which means it’s much more readily available.
“A new zero-day Internet Explorer (IE) exploit first discovered by Symantec has found its way into the Eleonore exploit kit. A zero-day is basically a known security vulnerability for which an appropriate patch is not yet available. Eleonore is a relatively well-known toolkit used by hackers to take control of computer systems without the owner’s permission.
Roger Thompson, Chief Research Officer at AVG elaborated on the zero-day attack on the security company’s blog:
‘It’s fairly well known (well, well-known if you’re a security geek) that CVE-2010-3962 is in the Wild, but over the last couple of days, we’ve begun detecting it in the Eleonore Exploit Kit. This raises the stakes considerably, as it means that anyone can buy the kit for a few hundred bucks, and they have a working 0-day.'”