Exploit for new IE hole
A public exploit for the new security hole in Internet Explorer 6 and 7 has now become available – as a module for the Metasploit exploit framework. Since it's likely that other websites will soon begin to actively exploit the hole, this will probably force Microsoft to promptly release a patch. Microsoft had previously only registered a few targeted attacks exploiting the hole in the iepeers.dll component to infect systems. Microsoft therefore said that it would continue to monitor the situation and recommended that users switch to Internet Explorer 8, which is not vulnerable. At the recent RSA conference, the creator of Metasploit, H.D. Moore, accused software vendors of only responding fast once an exploit is in circulation – it will be interesting to see if he's right again.
The Metasploit module is based on an analysis of the original exploit. It uses a flawed pointer dereferencing mechanism to execute injected code. This was discovered by Israeli developer Moshe Ben Abu after reading a post on McAfee's blog which mentioned the www.topix21century.com domain responsible for the original exploit.
The Metasploit module works with Microsoft Internet Explorer 7 under Windows Vista SP2, Internet Explorer 7 under Windows XP SP3 and Internet Explorer 6 under Windows XP SP3, but only if the data execution prevention (DEP) feature hasn't been enabled. However, the exploit isn't yet totally reliable.
See also:
- Attacks on newly discovered vulnerability in IE 6 and 7, a report from The H.
- Zero day exploit for Internet Explorer, a report from The H.
(crve)