[blog.rayfoo]

Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code. The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.

Another case that shows how difficult it is for reasonable and informative disclosure, yet not giving away the attack like this.

On a side note, am looking forward to trying this out from Metasploit…

[via ZDNet]

Related posts that you might be interested in...

• February 5, 2010 -- Installing Ubuntu 7.04 server in VirtualBox (0)
• July 18, 2010 -- Interesting scanner (0)
• July 14, 2010 -- More automation needed (0)
• May 21, 2010 -- Metasploitable! (0)
• May 2, 2010 -- So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users (0)
• April 29, 2010 -- Weird outgoing IP accesses… (0)
• March 13, 2010 -- Fun with Splunk: SSHD (0)
• March 3, 2010 -- Useful Firefox Plugins (2)
• February 27, 2010 -- DNS rebinding defense with Nginx (0)
• February 27, 2010 -- Web Security Dojo v1.0 release (0)