Attack code for two actively exploited vulnerabilities in Microsoft software, one of which has not yet been patched, was integrated into the open source Metasploit penetration testing framework.

One of the vulnerabilities is identified as CVE-2012-1875 and is located in Internet Explorer. Attackers can exploit it to execute malicious code by tricking users into visiting a specially crafted Web page or opening a Microsoft Office document that has a malicious ActiveX control embedded into it.