Microsoft IE Remote Code Execution Exploit (0day) - Critical

Microsoft IE Remote Code Execution Exploit (0day) - Critical
http://www.neowin.net/comments.php?...egory=main


FrSIRT have identified a critical vulnerability with Internet Explorer
6 for Windows XP SP1 and SP2.

The problem could be exploited by remote attackers to execute
arbitrary commands. The issue is due to a memory corruption error when
instantiating the "Msdds.dll" (Microsoft Design Tools Diagram Surface)
object as an ActiveX control, which could be exploited by an attacker
to take complete control of an affected system via a specially crafted
Web page.

Unfortunately for users of Internet Explorer 6 there is 0day Exploit
Code readily available for would be hackers to create web pages. This
is un-usual and brings into question whether FrSIRT were taking decent
measures to ensure Microsoft were aware of this threat.

According to a Microsoft Spokesperson, "Microsoft is aggressively
investigating new public reports of a possible vulnerability in
Internet Explorer. Upon completion of this investigation, Microsoft
will take the appropriate action to help protect our customers. This
may include providing a security update through our monthly release
process or providing an out-of-cycle security update, depending on
customer needs. Microsoft is concerned that this new report of a
vulnerability in Internet Explorer was not disclosed responsibly,
potentially putting computer users at risk."

We will keep you updated on Microsoft's investigations and whether
they plan to release a patch for this flaw soon.

EXPLOIT
http://www.frsirt.com/exploits/2005...l-0day.php