Exploit code available for CVE-2010-0249
The details for CVE-2010-0249 aka Microsoft Security Advisory 979352 (http://www.microsoft.com/technet/security/advisory/979352.mspx) aka the Aurora exploit has been made public. It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code.
I expect Microsoft will have a patch available for the standard February patch day. There will not likely be an out-of-band patch for this unless a 3rd party makes their own available.
Keywords: CVE20100249
2 comment(s)
×
Diary Archives
Comments
RJ
Jan 16th 2010
1 decade ago
Video of the exploit via Metasploit module:
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/
Really?
Jan 16th 2010
1 decade ago