Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Exploit code available for CVE-2010-0249

Published: 2010-01-15
Last Updated: 2010-01-15 21:35:51 UTC
by Kevin Liston (Version: 1)
2 comment(s)

The details for CVE-2010-0249 aka Microsoft Security Advisory 979352 ( aka the Aurora exploit has been made public.  It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code.

I expect Microsoft will have a patch available for the standard February patch day.  There will not likely be an out-of-band patch for this unless a 3rd party makes their own available.

Keywords: CVE20100249
2 comment(s)
Diary Archives