Exploit published for gaping (patched) IE hole

If you haven't applied the "critical" patch in Microsoft's MS07-009 bulletin, now might be a good time to hit that download-and-install button.Detailed exploit code for the vulnerability -- discovered during HD Moore's MOBB (month of browser bugs) project and fixed on Patch Tuesday in February -- has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.

If you haven't applied the "critical" patch in Microsoft's MS07-009 bulletin, now might be a good time to hit that download-and-install button.

Detailed exploit code for the vulnerability -- discovered during HD Moore's MOBB (month of browser bugs) project and fixed on Patch Tuesday in February -- has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.

The exploit code takes aim at a remote code execution flaw in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects (ADO). This is distributed in MDAC (Microsoft Data Access Components).

In the MS07-009 bulletin, Microsoft warns:

An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site. This can also include Web sites that accept user-provided content or advertisements, Web sites that host user-provided content or advertisements, and compromised Web sites. These Web sites could contain specially crafted content that could exploit this vulnerability... It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

The publication of this exploit has caught the attention of the security research community because this type of vulnerability has been very popular with malicious attacks in the past.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All