Microsoft XML Exploit Unpatched and in the Wild

A vulnerability in Microsoft's XML HTTP request handling can be exploited via an ActiveX control through a Web browser specifically Internet Explorer according to IBM's Internet Security Systems, which claims to have originally identified the flaw. The vulnerability, which is currently being leveraged by spyware producers to install malware on exposed computers, is unpatched and active in the wild, said Gunter Ollmann, Director of XForce for IBM Internet Security Systems.

"The spyware can be accessed through various means, but most local exploitations [are] being done through Internet Explorer," he told TechNewsWorld. Technology News: Security: Report: Microsoft XML Exploit Unpatched and in the Wild

Linked by shanmuga Thursday, 9th November 2006 1:14AM