Attack code published for critical IE flaw

 According to “ZDNet”, last week, when Microsoft released the critical Internet Explorer update, the company issued a warning that working exploit code could be released within 30 days.

Less than a week later, an exploit for one of the “critical” browser flaw has been fitted into the freely available Metasploit point-and-click attack tool and samples have been released to Contagio, a blog that tracks live malware attacks.

The addition of the exploit into Metasploit effectively means that cyber-criminals now have access to copy the attack code for use in exploit kit and other mass malware attacks.

The vulnerability (CVE-2012-1875) is a remote code execution flaw in the way that Internet Explorer accesses an object that has been deleted. The vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft has confirmed that this flaw is being used in “limited attacks” but the company has not (yet) updated its MS12-037 bulletin to make it clear that public exploit code is now widely available.

On Windows XP, the vulnerability can be reliably exploited without any third-party component. We found the exploit tried to download and execute a binary from a remote server. The server was hosted by Yahoo and was taken down the same day we reported this to Microsoft.

Researchers at AlienVault Labs are reporting the discovery of “several servers hosting similar versions of the exploit.” It also said the exploit supports a wide range of languages and Windows versions (from Windows XP through Windows 7) and appears to be very reliable.