Exploit Prevention Labs
Threat Center

Exploit Prevention Labs' Threat Center publishes a monthly Exploit Prevalence Report. This report measures the top web-borne exploits based on real-world data. The results are derived from automated reports submitted by LinkScanner users, in addition to information captured from the company’s network of hunting-pots.

The following is a summary of the top five most-reported web exploits as a percentage of overall exploit occurrences for February 2007:

Exploit  %   Description 

Q406 Roll-up package

35.17 percent (61.23 previous)

The package comprises up to a dozen exploits; the most common are setSlice, VML, XML, and (IE COM) Createcomobject Code. It is usually heavily encrypted, making it difficult to single out individual exploits.

CreateTextRange (CVE-2006-1359)

19.62 percent (8.45 previous)

Released March 2006. This is a buffer overflow attack affecting Internet Explorer that enables the execution of arbitrary code, usually a downloader - a program whose job is to download and install another program such as a rootkit or a keylogger. Patched in April by Microsoft, this exploit remains a credible threat.

WebAttacker

13.88 percent (5.18 previous)

WebAttacker is a Russian-built software application, first introduced about two years ago. It currently launches five different exploits, including the new IE VML Overflow, the new MDAC, a Firefox exploit, CreateTextRange, and an exploit for the Java Virtual Machine. Like a commercial software application, WebAttacker can be purchased online at underground hacker web sites for between $20 and $300, and requires minimal technical sophistication to use. The application is updated every few months, just like legitimate commercial software, only it is crimeware. A new update of WebAttacker, incorporating the IE VML exploit, was released on Exploit Wednesday (the day after Patch Tuesday) in September.

IE VML Overflow

6.46 percent (5.37 previous)

A buffer overflow exploit that targets the Vector Markup Language feature of the Internet Explorer browser and allows execution of arbitrary code. Security researchers believe it was released on the 13th or 14th of September, right after Patch Tuesday on the 12th. The exploit affects most versions of IE. Microsoft issued an out-of-cycle patch on September 27.

IE Com CreateObject code

5.98 percent (2.05 previous)

IE Com CreateObject was originally released in August as a proof of concept. The exploit creates a COM object in a mode that was never anticipated by Microsoft, and although it was intended for some useful purposes, the functions it enables, such as saving files to the disk or executing a file on the disk, are potentially dangerous in the hands of a cyber criminal.

Note: The numbers above do not add up to 100 percent because of the following less frequently reported exploits: Iframers launcher script (4.78% vs. 2.88%), WMF (CVE-2005-2124) with known payload (4.55% vs. 2.50%), search engine hijack (4.07%, new), others (5.49%).