The latest exploit, CVE-2013-0027 affected almost all versions of Microsoft Internet Explorer and affected all windows operating systems including the major server editions too. Thirteen private vulnerabilities were recently patched in a security bulletin by Microsoft.
The exposure, now branded as critical for Internet Explorer 6, 7, 8, 9 and 10, admitted remote code execution if a user attempted to visit a specially crafted web page using those versions of IE.
The vulnarbility allowed an attacker to gain the same user privileged as the current users, which is triggered by an improper memory operation executed by IE when addressing the crafted HTML content.
The exploit for MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free vulnerability has been released by Metasploit and is available on ExploitDb as well. Here is the code for this exploit:
