New Vulnerability Affecting Internet Explorer
<p>An exploit has been spotted in the wild for an unpatched vulnerability in the Microsoft XML core services, which allow developers to create XML-enabled applications. All supported versions of Internet Explorer (including IE7) make use of this functionality and are likely to be possible vectors of attack.</p>
<p>While the exploit has been spotted in the wild, it has only been seen on a single Web site and Symantec has no confirmed infection reports from customers. Nevertheless, as always, be cautious when surfing the Web.</p>
<p>Symantec has already released a signature, <a href="http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-110611-5730-99">Bloodhound.Exploit.96</a>, to catch this exploit. More information about the vulnerability can be found in the <a href="http://www.microsoft.com/technet/security/advisory/927892.mspx">Microsoft Security Advisory (927892)</a>.</p>
<p><strong>Update Nov. 8, 2006</strong>: A publicly available copy of the exploit code has been published. Users who have not already done so are recommended to view the Microsoft Security Advisory and follow the suggested workarounds if applicable. Symantec will continue to monitor for active exploitation of this vulnerability.</p>
http://www.symantec.com/enterprise/security_response/weblog/2006/11/new_vulnerability_affecting_in.html
http://www.symantec.com/enterprise/security_response/weblog/2006/11/new_vulnerability_affecting_in.html
Mon, 06 Nov 2006 14:05:16 -0800
Linear Mode
