MS09002 Internet Explorer Remote Code Execution Vulnerability

This video shows a demo of the MS09-002 vulnerability in Internet Explorer 7. This vulnerability is relatively simple to exploit, as all an attacker needs to do is somehow lure the victim to view a crafted URL using the affected version of Internet Explorer. In this demo, the author, WirelessPunter shows how this vulnerability can be easily exploited in a LAN environment by DNS poisoning victims so that the web requests are redirected to the attacker's web server. Once the redirection happens, the victim is served the crafted URL because of which Internet Explorer succumbs and spawns a remote shell, which the attacker can use. Also, other ways to exploit this could be to lure the victim to a website which the attacker controls. This is one of those attacks which Phishers and Spammers could kill to get their hands on!

Milw0rm hosts one of the best Exploit databases on the web. The Exploits are separated by exploit type (local, remote, DoS, etc.).