FireEye Malware Intelligence Lab

Threat research, analysis, and mitigation

2 posts categorized "Security Advisories"

Anatomy of an MS08-078 exploit, part 2

This is part 2 of the article on MS08-078.

Below I'll talk about what this particular invocation of the exploit carried in terms of payloads.


Anatomy of an MS08-078 exploit, part 1

Oftentimes I'm asked what actually happens to a system when the browser is exposed to a modern web exploit. By "web exploit", I'm referring to the type of exploit where your browser only need visit a site - no user interaction (like opening a file) is necessary. I thought it might be interesting to take a look at a real-world implementation of the new IE exploit (MS08-078) to see what the payload was. I'm going to break this up into two posts just because of the size of the screenshots.
