Wednesday, March 10, 2010

CVE-2010-0806 - Internet Explorer 6/7 0 day

Some notes about:

Internet Explorer 0-day targeted in spam runs
http://www.sophos.com/blogs/sophoslabs/?p=9030

Targeted Internet Explorer 0day Attack Announced

Robtex queries for the Mcafee reported URLs:

hxxxxp://topix21century.com/20100307.htm
- http://www.robtex.com/ip/68.178.232.100.html

hxxxp://as.casalemedia.com/sd?s=95331f=1 - http://www.robtex.com/dns/as.casalemedia.com.html#records

The following exploiter (retrieved from once of the URL posted by McAfee) use Base64 encoding for hiding resources:












This issue it's been detected in the "iepeers.dll". With a good ActiveX fuzzer may be trivial found more info (CLSID: 7E8BC44E-AEFF-11D1-89C2-00C04FB6BFC4). Dranzer seem good enough: try to check http://www.cert.org/blogs/vuls/2009/04/release_of_dranzer_activex_fuz.html for more details.

Metasploit module:
http://www.exploit-db.com/exploits/11683

Microsoft Internet Explorer iepeers.dll use-after-free exploit
http://www.rec-sec.com/2010/03/10/internet-explorer-iepeers-use-after-free-exploit/

No comments:

Post a Comment