Zero-Day Internet Explorer Exploit Published

[DarthTrader]

Thanks for testing this, ProxoDent!

Now that I think of it, I have a filter which does the job nicely:

Code:

Name = "<script>: Remove Obfuscated Code"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js)|$TYPE(vbs))"
Bounds = "$NEST(<script,</script*>)"
Limit = 32767
Match = "*(\\([0-7]+{1,3}&&[#000:377])"
        "|(%|\\x)([a-f0-9])+{2}"
        "|(%|\\)u([a-f0-9])+{4}"
        "|\@([0-9])+{4,12}"
        ")+{5,*}*"
Replace = "<!-- PROX: Obfuscated Script removed -->$SET(script=)"

This is a modified version of a filter which was discussed in 2008, I believe.