Internet Explorer CVE-2010-0249 'srcElement()' Remote Code Execution Vulnerability

This issue is being actively exploited in the wild in targeted attacks.

Immunity has reportedly developed and released a private exploit for Internet Explorer 7 and 8 that can bypass DEP and ASLR protections. The exploit was released as part of Immunity's CANVAS Early Update service and is not otherwise publicly available or known to be circulating in the wild.

The following exploit and Metasploit exploit module are available:


 

Privacy Statement
Copyright 2010, SecurityFocus