New IE 0day as Part of Webattacker?

webattacker is a hacker kit for preparing a website to exploit its visitors and infect them. it keeps statistics on os, browser type, etc., as well as on how many got infected by which exploit, and so on.

nick fitzgerald, roger thompson and now dan hubbard report that sites seen exploiting this 0day in-the-wild have previously been seen utilizing webattacker. if webattacker indeed uses this 0day… it will be spread far and wide.

no patch in sight. easy to exploit.

gadi evron,
ge@beyondsecurity.com.

  • http://prozacville.com Prozacgod

    I’ve been confused about this 0day exploit. Is this the same as the createTextRange() one, or is this a different one?

  • http://blogs.securiteam.com/index.php/archives/author/mattmurphy/ Matthew Murphy

    The createTextRange() “zero-day” issue was actually plugged a while ago. These vulnerabilities come in a slow stream for Microsoft — one gets patched, another comes out… it goes quiet for a while, then the cycle starts again. The exploit for the newest zero-day (i.e., VML) is here:

    http://www.securiteam.com/exploits/5EP0L0AJPM.html