New 0-day in the Old bug

Now, CERT have already released the advisory 0-day IE bug, “WebViewFolderIcon ActiveX”. This bug, WebViewFolderIcon or another name “SetSlice” bug, is discovered by H D Moore on 18 July 2006 or early date – 2 months ago and he described it in one of his blog Browser Fun.

I think that this bug was fixed in past 2 months, however, I’m wrong. The public exploit is released from Metasploit project on Sep 26 and it can successful exploit on XP SP0 – SP2 with IE 6 SP1 and it should work for 2K and 2K3.

This bug should not be 0-day if guys from M$ had read H D M blog :) (or they had already read, but ignore it, lol)