Attack Code for IE 0-Day (targets mshtml.dll) Added to Metasploit – 20 Nov 2010

Once again a vuln has surfaced targeting a CSS related bug in mshtml.dll. Remote code execution possible.

"…caused by a use-after-free error within the “mshtml.dll” library when processing a web page referencing a CSS (Cascading Style Sheets) file that includes various “@import” rules…"

Leave a Reply