This CVE-2012-1875 is now actively exploited in "limited attacks" but Microsoft has yet to update its MS12-037 bulletin [1] to clearly indicate that public exploit code is now widely available. This critical Internet Explorer update has a module available in the Metasploit framework.

Users are strongly encouraged to patch this vulnerability before your systems get exploited. Have you seen this vulnerability being exploited in your network? Let us know!

[1] MS12-037 - Critical: Cumulative Security Update for Internet Explorer
http://technet.microsoft.com/en-us/security/bulletin/ms12-037

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu