Updated Tuesday, Nov. 22, to include advisories from Microsoft, Symantec and the SANS Internet Storm Center.
Cupertino, Calif.-based Symantec told customers of its DeepSight Threat Management System that the appearance of proof-of-concept code is one of the reasons why its ThreatCon remains at Level 2. The rating applies when "knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating."
The Bethesda, Md.-based SANS Internet Storm Center, meanwhile, has raised its alert status to yellow. The center typically does so to increase awareness when a new threat appears.
Secunia confirmed the vulnerability on fully patched systems running Internet Explorer 6.0 on Microsoft Windows XP SP2 and Internet Explorer 6.0 on Microsoft Windows 2000 SP4.
The firm recommended that users protect themselves by disabling Active Scripting except on trusted sites.
FrSIRT said users can do this by:
- Starting Internet Explorer;
- Clicking "Internet Options" under the Tools menu;
- Clicking "Custom Level" on the Security tab;
- Clicking "Disable" under Active scripting in the Settings box; and
- Clicking OK.
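The setting those steps change can also be audited and applied from a script. The following is an added example, not from the article or the vendors it quotes; it assumes the dialog steps are applied to the Internet zone (zone 3) for the current user, and the `-Apply` switch and function name are chosen here for illustration.

```powershell
# Added example: report the per-user "Active scripting" setting for each
# Internet Explorer security zone, and optionally disable it for the
# Internet zone. Assumption: the GUI steps target the Internet zone (3).
param([switch]$Apply)

$ZonesKey        = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ActiveScripting = '1400'   # URL action value name for Active scripting
$Disable         = 3        # 0 = Enable, 1 = Prompt, 3 = Disable
$ZoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                 3 = 'Internet';    4 = 'Restricted sites' }
$StateNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveScriptingState {
    foreach ($zone in 0..4) {
        $path  = Join-Path $ZonesKey "$zone"
        $value = $null
        if (Test-Path $path) {
            $prop = Get-ItemProperty -Path $path -Name $ActiveScripting -ErrorAction SilentlyContinue
            if ($prop) { $value = $prop.$ActiveScripting }
        }
        # A missing value means the zone falls back to its template default.
        if ($null -eq $value) {
            $state = 'not set'
        } elseif ($StateNames.ContainsKey([int]$value)) {
            $state = $StateNames[[int]$value]
        } else {
            $state = "unknown ($value)"
        }
        [pscustomobject]@{
            Zone            = $zone
            Name            = $ZoneNames[$zone]
            ActiveScripting = $state
        }
    }
}

if ($Apply) {
    # Equivalent of choosing "Disable" under Active scripting for the Internet zone.
    $internet = Join-Path $ZonesKey '3'
    if (-not (Test-Path $internet)) { New-Item -Path $internet -Force | Out-Null }
    Set-ItemProperty -Path $internet -Name $ActiveScripting -Value $Disable -Type DWord
}

Get-ActiveScriptingState | Format-Table -AutoSize
```

Run without `-Apply` to report only; the Trusted sites row (zone 2) shows whether scripting stays available for sites placed there.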
Microsoft has issued an advisory on the flaw and exploit code, saying, "This issue was originally publicly reported in May as being a stability issue that caused the browser to close. Since then, new information has been posted that indicates remote code execution could be possible."
The software giant added, "Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."