A new zero day in Internet Explorer first surfaced on September 14, when security researcher Eric Romang blogged about it.
Today we are aware of attacks exploiting this vulnerability to install Poison Ivy Trojan. Currently there are two variants of PoC code available to the public, both written for Metasploit Framework:
- Microsoft Internet Explorer 8 execCommand Use-After-Free Exploit
- Microsoft Internet Explorer execCommand Use-After-Free Exploit
Vulnerability description is available here: http://www.naked-security.com/nsa/235092.htm
Today Microsoft issued a security advisory describing the vulnerability and published some workarounds. As the main protection approach software giant recommends using EMET:
- For 32-bit systems:
"c:\Program Files\EMET\EMET_Conf.exe" --set "c:\Program Files\Internet Explorer\iexplore.exe" - For 32-bit browser version in 64-bit system
"c:\Program Files (x86)\EMET\EMET_Conf.exe" --set "c:\Program Files (x86)\Internet Explorer\iexplore.exe" - For 64-bit browser version
"c:\Program Files (x86)\EMET\EMET_Conf.exe" --set "c:\Program Files\Internet Explorer\iexplore.exe"
