This vulnerability allows anyone who uses Internet Explorer version 7.8, and 9 could be attacked easily. Especially when they visit a site that has been compromised script.
"An exploit has been used by the attackers before that (gap-ed) published by Metasploit," wrote Rapid7, Tuesday (09/18/2012).
Seeing such a huge gap, Microsoft is not blind. The software giant acknowledged that they made a number of browser versions do have a 'hole'.
"We realize that some of the series Internet Explorer can be attacked, but we have confirmed that Internet Explorer 10 is not affected by this issue," said Yunsun Wee, Director of Microsoft's Trustworthy Computing.
"We recommend that users use Microsoft's Enhanced Mitigation Experience Toolkit (EMET) 3.0, which provides effective protection without affecting web browsing experience," advises Wee.