MS09-002 exploit in the wild

SANS is reporting that the MS09-002 exploit is in the wild.

"Several AV vendors reported about MS09-002 exploits in the wild. We can
confirm this – the exploit for the CVE-2009-0075 vulnerability
(Uninitialized Memory Corruption) in Internet Explorer 7 is definitely
in the wild and working as a charm on an unpatched Windows XP machine.

Initially there was some confusion about this attack as most AV vendors
mentioned Word documents. The exploit targets Internet Explorer 7, but
so far it has been delivered to the end user as a Word document. That
being said, there is absolutely nothing preventing attackers from using
the exploit in a drive-by attack (and we can, unfortunately, expect
that this will happen very soon).

The exploit code does something similar to a heap spray, but there is a
difference that it deletes created objects and even calls
CollectGarbage() as seen in the code snippet below:"

Read more: http://isc.sans.org/diary.html?storyid=5884