Microsoft Internet Explorer iepeers.dll use-after-free exploit

New Microsoft Internet Explorer 0day exploit has been found circulating in-the-wild. According to Microsoft, there are targeted attacks attempting to use this vulnerability. Microsoft published a security advisory for this vulnerability here:
Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution

The vulnerability is a use-after-free (invalid pointer reference) vulnerability within iepeers.dll and only Internet Explorer versions 6 and 7 are vulnerable. Internet Explorer 8 and 5 are not affected.

I’ve found this exploit in-the-wild on The payload download and executes a binary file which connects back to
Here’s the exploit as it was found in-the-wild, a bit un-obfuscated and payload removed – ie_iepeers_wild.txt

And here’s a Metasploit exploit module for this vulnerability. Tested successfully on the following platforms:
– Microsoft Internet Explorer 7, Windows Vista SP2
– Microsoft Internet Explorer 7, Windows XP SP3
– Microsoft Internet Explorer 6, Windows XP SP3

As usual, this post will update with further references and updates when available.
Happy exploitation :-)

ie_iepeers Metasploit from 4xteam on Vimeo.