Researchers from M86 claim to have discovered a 0-day exploit for Internet Explorer that is being used in the wild, according to Avri Schneider, an M86 researcher.
Writing for an M86 blog yesterday, Schneider said that the company’s team of researchers discovered a piece of JavaScript on a web page that was injecting an iframe pointing to a malicious site. Closer inspection revealed that it was using a previously unknown (0-day) exploit for IE capable of crashing a fully patched version of that browser and executing malicious code. The 0-day was short-lived, though, as Microsoft soon released details on the vulnerability.
Further analysis of the shellcode revealed a clear-text URL pointing to a known malicious server, which was stored in M86’s repository as having exploited the well-known iepeers.dll vulnerability, MS10-018.
The exploit appears to have been known for some time and to have been used in malicious attacks.
“Based on data we have reviewed from various sources,” Schneider writes, “we can say with a high enough level of certainty, that the anonymous researcher who according to Microsoft’s security advisory, reported the vulnerability details to VeriSign iDefense, or at least one of his acquaintances, had used the vulnerability details for malicious purposes, as part of targeted attacks.”