Home > Uncategorized > Security News #0x20: IE 0-day (again)

Security News #0x20: IE 0-day (again)

There is a new 0-day exploit targeting Internet Explorer available in Metasploit. You can see the module itself here, while a brief description of the exploit is available on the Metasploit Blog.

It seems that Eric Romang found a public folder used by the Nitro gang that contained an exploit that apparently targeted Internet Explorer. After some reverse engineering on the part of Eric, the Metasploit team and others, the new Metasploit module went up today.

I did some quick testing this afternoon, and it sure looks to work as advertised, at least on my Win 7 SP1, IE 8 box (with Java).

Quick recommendation? Don’t. Use. Internet. Explorer.

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: