While searching around a compromised server that was being used to exploit Java vulnerabilities, a security researcher stumbled upon an additional exploit that he claims takes advantage of a undiscovered security hole in the fully patched versions of Microsoft Internet Explorer 7 and 8.
Eric Romang found four files on the server: an executable, a Flash Player movie and two HTML files called exploit.html and protect.html
When users visit the exploit.html page, it loads the Flash movie, which successively loads the additional HTML page, protect.html. Collectively, they help drop the executable on to the victim’s computer. At this point, aggressors have everything they need to drop any applications they like on the victim’s machine, whether it’s to join a botnet or conduct assaults. In this case, the dropper executable installs a different program when the victim next logs in.
The vulnerability has also been an interest by developers working on the Metasploit exploit framework, and an early version of a module exploiting the zero-day has already been created.
