This Metasploit module exploits a memory corruption flaw in Microsoft XML Core Services when trying to access an uninitialized Node with the getDefinition API, which may corrupt memory allowing remote code execution. At the moment, this module only targets Microsoft XML Core Services 3.0 via IE6 and IE7 over Windows XP SP3.
b42f6ac491db2e23d28b44a0a21b16d7602d98dada63659c4d62505cfc674e08