IE 0-day In the wild

We’ve just received some reports that the IE
0-day exploit mentioned in a previous entry is now in the wild.


Or rather, "in the wild" in this case means:

A hacker got hold of the exploit code, modified it, hacked a
webpage, defaced it, and placed the IE exploit on the defaced
website.


We’ve just checked the website, and it does look like the IE 0-day
exploit. We’re still checking out what it really does. Updates
later.


Update (Jessie, 23 November 2005 22:33:40)
After looking at the source code, we verified that it has
the same shellcode as the latest IE 0-day exploit.
Because it is incomplete (it lacks other file components), it cannot
successfully spawn calc.exe on the local machine, but it was able
to copy the shellcode into memory.


Please refer to the previous post
for additional details.