begood Posted March 10, 2010 Report Posted March 10, 2010 A new Microsoft Internet Explorer 0day exploit has been found circulating in-the-wild. According to Microsoft, there are targeted attacks attempting to use this vulnerability. Microsoft published a security advisory for this vulnerability here:Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code ExecutionThe vulnerability is a use-after-free (invalid pointer reference) vulnerability within iepeers.dll and only Internet Explorer versions 6 and 7 are vulnerable. Internet Explorer 8 and 5 are not affected.I’ve found this exploit in-the-wild on www.topix21century.com. The payload download and executes a binary file which connects back to notes.topix21century.com.Here’s the exploit as it was found in-the-wild, a bit un-obfuscated and payload removed – http://www.rec-sec.com/exploits/ie_iepeers_wild.txtAnd here’s a Metasploit exploit module for this vulnerability. Tested successfully on the following platforms:– Microsoft Internet Explorer 7, Windows Vista SP2– Microsoft Internet Explorer 7, Windows XP SP3– Microsoft Internet Explorer 6, Windows XP SP3Download ie_iepeers_pointer.rb.As usual, this post will update with further references and updates when available.Happy exploitation source Quote
