Last Updated: 2010-01-15 21:35:51 UTC
by Kevin Liston (Version: 1)
The details for CVE-2010-0249 aka Microsoft Security Advisory 979352 (http://www.microsoft.com/technet/security/advisory/979352.mspx) aka the Aurora exploit has been made public. It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code.
I expect Microsoft will have a patch available for the standard February patch day. There will not likely be an out-of-band patch for this unless a 3rd party makes their own available.