AnsweredAssumed Answered

Is there a QID for IE Zero day (2757760)

Question asked by royram on Sep 18, 2012
Latest reply on Sep 18, 2012 by Tim Pettigrew

Approximately 24 hours back; a news flased out in the security community that a potential zero day vulnerability impacting IE 7,8 and 9 on WinXP,Vista and 7.An exploit was developed over the weekend for the Metasploit exploit toolkit after the zero-day was found by researcher and Metasploit contributor Eric Romang. Romang discovered a new use-after-free vulnerability in IE was being exploited after monitoring some of the servers infected in the Java attacks.

 

Reference:

http://dev.metasploit.com/redmine/projects/framework/repository/revisions/aac41e91fd38f99238971892d61ead4cfbedabb4/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb

http://technet.microsoft.com/en-us/security/advisory/2757760

http://www.symantec.com/connect/blogs/new-internet-explorer-zero-day-vulnerability-exploited-wild

Outcomes