Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - IE 0 Day, just in time for Christmas InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

IE 0 Day, just in time for Christmas

Published: 2010-12-23
Last Updated: 2010-12-23 13:00:34 UTC
by Mark Hofman (Version: 1)
1 comment(s)

Ok, fess up who asked for an IE 0 day for Christmas? I'm guessing Santa got his lumps of coal mixed up with a bag of exploits.

This exploit has been discussed over the last day or so on full disclosure and a number of other sites. Metasploit already has a module available for it (just search for CSS & IE).  Microsoft has put out an advisory 2488013 regarding the issue (  The issue manifests itself when a specially crafted web page is used and could result in remote code execution on the client. 

Microsoft suggests using Enhanced Mitigation Experience Toolkit (EMET) to help address the issue.  Details on that and a little bit more on the exploit can be found here 

According to the advisory it is not actively being exploited ....yet

If you see it being exploited, drop us a line. 


Mark H

Keywords: IE 0 day
1 comment(s)
Diary Archives