Microsoft has released a new patch for Internet Explorer. According to the Microsoft Security Advisory, the reason for the out-of-band release was that the vulnerability described in CVE-2010-0806, “Uninitilized Memory Corruption Vulnerability”, was being widely seen in the wild.

On March 10th the exploit was added to the MetaSploit Framework, and instructions on how to use the exploit immediately being spread on many hacker boards. It was first seen on the replacement for Milw0rm, XpltDB: Exploit-DB.com.

You can find some more info at Gary Warner’s blog (from where I got the news) or at Rec-Sec.com.

(more…)