[Infowarrior] - IE zero-day code released
Richard Forno
rforno at infowarrior.org
Sat Jan 16 18:39:03 UTC 2010
The IE exploit reportedly involved in the China-Google spat this week
was made public by the Metasploit Project yesterday. Since Metasploit
is owned by Rapid7, an infosec vulnerability management company (ie, a
"security company") I am sure we'll see another round of heated debate
over vulnerability disclosure in the coming days.
Exploit:
http://www.metasploit.com/redmine/projects/framework/repository/revisions/8136/entry/modules/exploits/windows/browser/ie_aurora.rb
Attack code for this thing is publicly available now, too:
http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0f&type=js
Also - "Microsoft issued a security advisory on the IE flaw Thursday
and has not ruled out the possibility of rushing out an emergency "out-
of-cycle" patch to fix it. Microsoft's next set of security patches is
due Feb. 9, giving hackers more than three weeks to exploit the flaw."
- (http://www.itworld.com/security/93009/attack-code-used-hack-google-now-public
)
-rf
More information about the Infowarrior
mailing list