Microsoft has known about CVE-2016-3351 since 2015.
Exploited By AdGholas and GooNky Malvertising Groups.
Vulnerability details
Advisory: SB2016091307 - Multiple vulnerabilities in Microsoft Internet Explorer and Edge
Vulnerable component: Microsoft Internet Explorer
CVE-ID: CVE-2016-3351
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to boundary error when handling of malicious files. A remote attacker can create a specially crafted content, trick the victim into opening it, trigger memory corruption and gain access to arbitrary data.
Known APT campaigns:
AdGholas
AdGholas is a name of malvertising campaign active since at least October 2015. To avoid detection the hackers use steganography and file whitelisting techniques. As of April 2017 the hackers employed Astrum exploit kit, according to Trend Micro report.
External links:
https://www.proofpoint.com/us/threat-insight/post/Microsoft-Patches-Zero-Day-Exploited-By-AdGholas-G...
https://technet.microsoft.com/library/security/ms16-104
https://technet.microsoft.com/library/security/MS16-105
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=29628
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2016-3298-microsoft-fixes-another-ie-...
http://securityaffairs.co/wordpress/51494/hacking/internet-explorer-exploits.html
http://wccftech.com/zero-day-exploited-update-windows-right-away/
https://www.brokenbrowser.com/detecting-local-files-to-evade-analysts/
http://www.securityweek.com/microsoft-patches-browser-vulnerability-exploited-attacks
https://www.scmagazineuk.com/microsoft-bundles-security-updates--no-more-pick-and-choose/article/547...
http://www.securingcomputer.com/news/microsoft-patches-browser-vulnerability-exploited-attacks
http://www.zdnet.com/article/microsoft-patches-critical-ie-bug-that-was-under-attack-for-nearly-thre...
http://techgenix.com/microsoft-patches-ie-malvertising-vulnerability/