Exploit code available for CVE-2010-0249

Published: 2010-01-15
Last Updated: 2010-01-15 21:35:51 UTC
by Kevin Liston (Version: 1)
2 comment(s)

The details for CVE-2010-0249, aka Microsoft Security Advisory 979352 (http://www.microsoft.com/technet/security/advisory/979352.mspx), aka the Aurora exploit, have been made public. It is a vulnerability in mshtml.dll. The exploit works as advertised on IE6, but if DEP is enabled on IE7 or IE8 the exploit does not execute code.

I expect Microsoft will have a patch available for the standard February patch day.  There will not likely be an out-of-band patch for this unless a 3rd party makes their own available.
 

Keywords: CVE20100249

Comments

Microsoft now has a bulletin with specifics. http://blogs.technet.com/srd/ Interestingly, the code does not work on IE7 on XP SP3 due to a defect in the code. That makes IE6 the only vector (right now).
With the amount of attention this is getting, if the fix is straightforward, MSFT might fix it from a PR standpoint alone (similar to the fix they released ahead of BlackHat back in June of last year).

Video of the exploit via Metasploit module:
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/
