
The end of the year was marked by the discovery of a zero-day vulnerability (a so-called 0day, that is, one for which no patch exists yet) in Internet Explorer versions 6 to 8 inclusive (CVE-2012-4792). Microsoft has released a security bulletin describing which systems are at risk. Judging by this description, users of IE 9-10 are in luck: those versions are not affected.

As reported, the vulnerability was discovered during an investigation into the compromise of the website of the US Council on Foreign Relations, on which the attackers had placed malicious code exploiting the vulnerability. An analysis of the malicious code that uses the described vulnerability is available here.

As reported on Twitter by the Metasploit Framework project, an update to the framework was released on January 4 that now includes an exploit for this still-unpatched vulnerability in IE.