Exploit code out for Internet Explorer flaw

Bill Brenner

IT administrators who have yet to install an Internet Explorer (IE) patch released in February may want to move it up the priority list. Attackers have access to exploit code for one of the flaws the patch addressed.

San Diego-based Websense Security Labs reported on its Web site

    Requires Free Membership to View

Monday that "full exploit code" has been published for the flawed ADODB.Connection ActiveX control in Microsoft Data Access Components (MDAC). Attackers could exploit the flaw, which Microsoft patched in its Feb. 13 MS07-009 bulletin, to hijack targeted machines.

"Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability," Websense Security Labs said in its advisory. "This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially now that exploit code is publicly available."

Related stories:
Metasploit creator promises browser flaws galore

Microsoft fixes zero-day flaws in Word, Office
The flaw was originally brought to light by Metasploit Framework creator H.D. Moore during his Month of Browser Bugs project last July.

"The original demonstration of this vulnerability occurred on July 29, 2006 in H.D. Moore's Month of Browser Bugs #29," Websense Security Labs said. "At the time, only a denial-of-service demonstration was published."

The faulty ActiveX control at the heart of the flaw is used in Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 for Itanium-based Systems.

The patch can be downloaded from the Microsoft Web site.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: