The developers of Metasploit framework have added an exploit for recently discovered zero-day vulnerability in the web-browser Internet Explorer 8. The critical flaw was disclosed during the investigation of the attack on the U.S. Ministry of Labour and the Ministry of Energy web-sites.
“Microsoft is investigating public reports of a vulnerability in Internet Explorer 8. Microsoft is aware of attacks that attempt to exploit this vulnerability. Internet Explorer 6, Internet Explorer 7, Internet Explorer 9, and Internet Explorer 10 are not affected by the vulnerability”, say the official statement.
The developers also discovered an exploit for a brute-force attack in IE 10, which allows to disclose list of existing files and folders on the system. Vulnerability exists because of the browser’s different responds depending on whether there is a file or directory on the system.