Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Exploit code available for CVE-2010-0249 - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Exploit code available for CVE-2010-0249

The details for CVE-2010-0249 aka Microsoft Security Advisory 979352 (http://www.microsoft.com/technet/security/advisory/979352.mspx) aka the Aurora exploit has been made public.  It is a vulnerability in mshtml.dll that works as advertised on IE6 but if DEP is enabled on IE7 or IE8 the exploit does not execute code.

I expect Microsoft will have a patch available for the standard February patch day.  There will not likely be an out-of-band patch for this unless a 3rd party makes their own available.
 

Kevin Liston

292 Posts
ISC Handler
Microsoft now has a bulletin with specifics. http://blogs.technet.com/srd/ Interestingly, the code does not work on IE7 on XP SP3 due to a defect in the code. That makes IE6 the only vector (right now).
Anonymous
With the amount of attention this is getting, if the fix is straight forward MSFT might fix it from a PR standpoint alone (similar to the fix they released ahead of BlackHat back in June of last year).

Video of the exploit via Metasploit module:
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/
Anonymous

Sign Up for Free or Log In to start participating in the conversation!