An exploit for Internet Explorer was published online yesterday, showing signs of poor reliability. Symantec confirmed that the exploit affects Internet Explorer 6 and 7:
http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-publishedExperts believe a fully functional version of the exploit will be made available in the coming weeks.
The exploit requires the hacker to lure the victim onto a malicious website or a compromised webpage. Whatever method is used, the attack requires javascript on Internet Explorer. Symantec found the vulnerability in Microsoft Data Access Components, which could allow a Remote Code Execution on a user's system.
Users are cautioned to disable javascript on Internet Explorer, avoid websites they do not trust, and update their anti-virus definitions immediately. Symantec confirms that they have detected the exploit, Bloodhound.Exploit.129, rating the risk a level 1, very low:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-032701-5447-99The affected systems are currently Windows 2000, Windows Server 2003 and Windows XP.
(Neowin)