VUPEN, an IT security research company has reported a critical vulnerability in Internet Explorer that has been known for about two weeks.
With reference to VUPEN security advisory, a vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a use-after-free error within the “mshtml.dll” library when processing a web page referencing a CSS (Cascading Style Sheets) file that includes various “@import” rules, which could allow remote attackers to execute arbitrary code via a specially crafted web page.
VUPEN has confirmed this vulnerability with Microsoft Internet Explorer 8 on Windows 7, Windows Vista SP2 and Windows XP SP3, and with Internet Explorer 7 and 6 on Windows XP SP3. Microsoft has yet to respond and it is not know if or when a patch will be released.
Download Metasploit Framework exploit Code for this vulnerability here.