Ars Technica reports today that the “Moh2010.swf” exploit targeting Internet Explorer versions 7 and 8 on Windows XP has been spotted in the wild:
The exploits circulating in the wild may be relying on other methods to override the more limited defenses included in the Service Pack 3 version of Windows XP. According to Eric Romang, the researcher who disclosed the IE attacks over the weekend, they require the victim to be running Adobe’s Flash Player, possibly to carry out what’s known as a “heap spray” (another technique for bypassing ASLR). The attacks are being carried out by the same gang that waged the recent stealth attacks against critical vulnerabilities in Java. The files used in the latest wave of attacks (cataloged here, here, here, and here) had little or no detection by the 34 most widely used antivirus programs, at least at the time Romang published his blog post. It wouldn’t be surprising for detection to ramp up quickly in the next few hours.
A Metasploit module for the exploit has already been published, capable of affecting Internet Explorer versions 7, 8 and 9 on Windows XP, Vista and 7. The source of the module is available here.
Until Microsoft releases a patch for this vulnerability, switching to an alternative browser is highly recommended.