Wednesday, November 25, 2009
Metasploit releases IE attack, but it's unreliable
The code exploits an Internet Explorer bug that was disclosed last Friday in a proof-of-concept attack posted to the Bugtraq mailing list. That first code was unreliable, but security experts worried that someone would soon develop a better version that would be adopted by cyber-criminals.
The original attack used a "heap-spray" technique to exploit the vulnerability in IE. But for a while Wednesday, it looked as though the Metasploit team had released a more reliable exploit. Computer World