McAfee inadvertently speeds creation of Metaploit IE exploit pack

A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer. Moshe Ben Abu (AKA Trancer00t) developed exploit code for the flaw in IE 6 and 7 in knocking-up an exploit module for the open-source Metasploit exploit database. “I didn’t find the vuln’, just found it in the wild. With a little help from McAfee (http://j.mp/c4W3xA) ,” the Israeli security researcher noted in a Twitter update on Thursday. Microsoft acknowledged that the flaw, which stems from an invalid pointer reference, affects IE 6 and 7 and creates a possible mechanism for hackers to drop malware onto vulnerable systems. IE8, the latest version of Microsoft’s web surfing software, isn’t vulnerable.

…

http://www.theregister.co.uk/2010/03/12/ie_metasploit_0day_flaw/