Q406 Roll-up package

61.23 percent (70.9 previous)

Comprised of up to a dozen exploits, the most common are setSlice, VML, XML, and (IE COM) Createcomobject Code. The package is usually heavily encrypted making it difficult to single out individual exploits.

MDAC

7.10 percent (5.70 previous)

Although technically not an exploit, MDAC refers to a creative method of using certain ActiveX controls in a context for which Microsoft did not originally intend them to be used. They instantiate an ActiveX control inside a web script that allows files to be written to the disk and executed.

IE VML Overflow

5.37 percent (1.20 previous)

A buffer overflow exploit targets the Vector Markup Language feature of the Internet Explorer browser that allows execution of arbitrary code. Security researchers believe it was released on the 13th or 14th of September, right after Patch Tuesday on the 12th. The exploit affects most versions of IE. Microsoft issued an out-of-cycle patch September 27.

WebAttacker

5.18 percent (2.30 previous)

WebAttacker is a Russian-built software application, first introduced about two years ago. The exploit currently launches five different exploits, including the new IE VML Overflow, the new MDAC, a Firefox exploit, CreateTextRange, and an exploit for the Java Virtual Machine. Like a commercial software application, WebAttacker can be purchased online at underground hacker web sites for between $20 and $300, and requires minimal technical sophistication to use. The application is updated every few months, just like legitimate commercial software, only it is crimeware. A new update of WebAttacker, incorporating the IE VML exploit, was released on Exploit Wednesday (the day after Patch Tuesday) in September.