IE Zero Day is "For Real"
We've had numerous readers write in about an IE8 zero day; most pointed us here for more info on it ==> http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/
Since I'm not a "Malware Analysis Guy" (at least until I take Lenny's Forensics 610 class), I hunted around for some confirmation before I posted.
I guess a Metasploit module that exploits it counts as confirmation!
http://dev.metasploit.com/redmine/projects/framework/repository/revisions/aac41e91fd38f99238971892d61ead4cfbedabb4/entry/modules/exploits/windows/browser/ie_execcommand_uaf.rb
Also more info here: http://blog.vulnhunt.com/index.php/2012/09/17/ie-execcommand-fuction-use-after-free-vulnerability-0day
And yes, there is code in the wild that exploits this (since Sept 14th). And no, there is no patch for it yet.
If you're still running IE7, 8 or 9, today is a good day to think about switching browsers for a couple of weeks.
(thanks to our readers, who corrected my original post - this zero day affects not just IE8, but also IE7 and IE9)
===============
Rob VandenBrink
Metafore