Metasploit is a free, Open Source security testing tool. It's the cat's meow, and so the World+Dog now have the exploit. If you're still on IE6 or IE7, get off it right now. Microsoft says so, too:
A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer.
Moshe Ben Abu (AKA Trancer00t) developed exploit code for the flaw in IE 6 and 7 in knocking-up an exploit module for the open-source Metasploit exploit database.
"I didn't find the vuln', just found it in the wild. With a little help from McAfee (http://j.mp/c4W3xA) :-)," the Israeli security researcher noted in a Twitter update on Thursday.
Microsoft acknowledged that the flaw, which stems from an invalid pointer reference, affects IE 6 and 7 and creates a possible mechanism for hackers to drop malware onto vulnerable systems. IE8, the latest version of Microsoft's web surfing software, isn't vulnerable.
Our investigation so far has shown that Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7 are vulnerable.This is in the wild, folks, meaning that it's coming to a computer near you. Your computer.
Get Firefox here.
Get Internet Explorer 8 (not bad, actually) here.