Security News #0x20: IE 0-day (again)

There is a new 0-day exploit targeting Internet Explorer available in Metasploit. You can see the module itself here, while a brief description of the exploit is available on the Metasploit Blog.

It seems that Eric Romang found a public folder used by the Nitro gang that contained an exploit that apparently targeted Internet Explorer. After some reverse engineering on the part of Eric, the Metasploit team and others, the new Metasploit module went up today.

I did some quick testing this afternoon, and it sure looks to work as advertised, at least on my Win 7 SP1, IE 8 box (with Java).

Quick recommendation? Don’t. Use. Internet. Explorer.