After less than a week Microsoft released security advisory detailing a number of critical vulnerabilities in Internet Explorer, an exploit code has been made available for the CVE-2012-1875 remote code execution flaw.
CVE-2012-1875: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."
While releasing the security advisory, Microsoft also issued a warning that working exploit code could be released within 30 days. As usual, it doesn’t take much time for such popular attack codes to become available.
Also, this is not the only vulnerability that affects Internet Explorer. There’s another critical flaw in Microsoft XML Core Services that hasn’t been patched yet, but for which the Redmond company released a temporary fix.
The Metasploit exploit framework has been fitted with a module that takes advantage of the vulnerability, meaning that the attack option is freely available to anyone who knows how to use the framework