Security researcher Eric Romang discovered the vulnerability and exploit over the weekend while monitoring some infected servers said to be used by the alleged Nitro gang. To run the attack, a file named “exploit.html” is the entry point of the attack, which loads “Moh2010.swf”
According to analysis by VUPEN, the exploit takes advantage of a “use-after-free vulnerability” that affects the mshtml.dll component of Internet Explorer.
Rapid7 on Monday released an exploit module for Metaspolit which will let security teams and attackers alike test systems.
As mentioned, Romang's first found the new zero-day code on the same server that was initially used to spread the recent Java zero-day, making people think they if both codes were not created by the same group, they are at least related.
Internet Explorer users should be consider switching to other browsers, such as Chrome or Firefox for the time being.
From what has been seen so far, the in-the-wild exploit only targets IE 8 and 7 on Windows XP only.