Just pointing out that the exploit from the recent "China Hacks Google" headlines was added to the MSF exploit database.
This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the "Operation Aurora" attacks that lead to the compromise of a number of high profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample, as such, only Internet Explorer 6 can be reliably exploited. This exploit module was written by unknown () and hdm ([email protected])
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0249
http://www.osvdb.org/61697
http://www.microsoft.com/technet/security/advisory/979352.mspx
http://wepawet.iseclab.org/view.php?hash=1aea206aa64ebeabb07237f1e2230d0...