Topic: Internet Explorer exploit published online (Symantec - Bloodhound.Exploit.129)

[Samker]

An exploit for Internet Explorer was published online yesterday, showing signs of poor reliability. Symantec confirmed that the exploit affects Internet Explorer 6 and 7: http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published
Experts believe a fully functional version of the exploit will be made available in the coming weeks.

The exploit requires the hacker to lure the victim onto a malicious website or a compromised webpage. Whatever method is used, the attack requires javascript on Internet Explorer. Symantec found the vulnerability in Microsoft Data Access Components, which could allow a Remote Code Execution on a user's system.

Users are cautioned to disable javascript on Internet Explorer, avoid websites they do not trust, and update their anti-virus definitions immediately. Symantec confirms that they have detected the exploit, Bloodhound.Exploit.129, rating the risk a level 1, very low: http://www.symantec.com/security_response/writeup.jsp?docid=2007-032701-5447-99

The affected systems are currently Windows 2000, Windows Server 2003 and Windows XP.

(Neowin)

[Fireberg]

Internet Explorer users can also upgrade to Internet Explorer version 8. Even so, they will still be vulnerable to some exploits. Firefox or Opera are probably the safest browsers to use.

Thanx