An IBM security researcher has discovered a major security flaw in Microsoft's Edge browser. Using drive-by attack techniques, attackers can execute malicious code in much the same way as has long been done through malicious Flash, Java or Silverlight plugins.
The culprit is Windows 10's built-in PDF rendering library, WinRT PDF, which lets developers easily integrate PDF viewing into their apps.
Microsoft Edge also uses WinRT PDF to offer the same kind of seamless in-browser PDF viewing that Google Chrome and Mozilla Firefox provide.
According to Mark Vincent Yason, a security researcher in IBM's X-Force Advanced Research team, an attacker can embed a WinRT PDF exploit inside a PDF file and have it opened silently in an off-screen iframe positioned with CSS, so the victim never sees the document load.
In such a drive-by attack, the attacker exploits a vulnerability in WinRT PDF rather than in Edge itself to deliver and run malware.
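The delivery pattern described above, a PDF loaded in an iframe that CSS keeps out of view, is easy to spot in page source. The following is an added example written for this page (not code from the article or from IBM's research): a small heuristic scanner that parses the iframes out of an HTML document and flags those whose source is a PDF and whose styling hides the frame. The sample page, the hostname example.invalid and the attribute heuristics are all constructed for the example; the scanner does not use the DOM, so it runs under plain Node.js.

```javascript
// Added example, not from the original article. Constructed sample page:
// four iframes, two of which load a PDF while hidden by CSS. example.invalid
// is a placeholder hostname.
const SAMPLE_HTML = `
<html><body>
<h1>Totally legitimate news</h1>
<iframe src="/ads/banner.html" width="300" height="250"></iframe>
<iframe src="https://example.invalid/payload.pdf"
        style="position:absolute; left:-9999px; top:-9999px; width:1px; height:1px"></iframe>
<iframe src="data:application/pdf;base64,JVBERi0xLjc=" style="display:none"></iframe>
<iframe src="/docs/report.pdf" width="800" height="600"></iframe>
</body></html>`;

// Pull the attributes of every <iframe> tag with a tolerant regex, so the
// scanner works on raw page source without a DOM.
function extractIframes(html) {
  const tags = html.match(/<iframe\b[^>]*>/gi) || [];
  return tags.map(tag => {
    const attrs = {};
    const re = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let m;
    while ((m = re.exec(tag)) !== null) {
      attrs[m[1].toLowerCase()] = m[3] ?? m[4] ?? m[5] ?? '';
    }
    return attrs;
  });
}

// A frame counts as pointing at a PDF if the URL ends in .pdf (ignoring query
// and fragment) or is an inline data: URL with the PDF media type.
function pointsToPdf(src) {
  if (!src) return false;
  const s = src.trim().toLowerCase();
  return s.startsWith('data:application/pdf') || /\.pdf(?:[?#]|$)/.test(s);
}

// CSS tricks that keep a frame out of sight: hidden, transparent, off-screen
// or (near) zero-sized. Whitespace is stripped so "left: -9999px" still matches.
function isHiddenByCss(attrs) {
  const style = (attrs.style || '').toLowerCase().replace(/\s+/g, '');
  if (/display:none|visibility:hidden|opacity:0(?:[;}]|$)/.test(style)) return true;
  if (/(?:left|top):-\d+px/.test(style)) return true;
  if (/(?:width|height):[01]px/.test(style)) return true;
  const dims = [attrs.width, attrs.height].map(v => parseInt(v, 10));
  return dims.some(v => v === 0);
}

// Return the attribute maps of every iframe that both loads a PDF and is hidden.
function findHiddenPdfFrames(html) {
  return extractIframes(html).filter(a => pointsToPdf(a.src) && isHiddenByCss(a));
}

for (const f of findHiddenPdfFrames(SAMPLE_HTML)) {
  console.log('hidden PDF frame:', f.src.slice(0, 60));
}
```

Run with `node scanner.js`; only the off-screen and `display:none` frames are reported, while the visible PDF report and the ordinary ad frame are not. The heuristics are deliberately simple: a real deployment would also resolve stylesheet rules and scripts that hide the frame after load, which a regex over the static source cannot see.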
“A major factor that will affect when and how often we see in-the-wild exploits for WinRT PDF vulnerabilities depends on how difficult it is to exploit them,” Mr. Yason explains.
He adds, however, that because Windows 10 ships with exploit mitigations such as ASLR and Control Flow Guard (CFG), developing reliable exploits would be time consuming and therefore costly.
Mark Vincent Yason is scheduled to give an in-depth presentation of this attack scenario at this year's RSA Conference in San Francisco.
SOURCE: Security Intelligence