Exploit Published For Gaping (Patched) IE Hole
If you haven’t applied the “critical†patch in Microsoft’s MS07-009 bulletin, now might be a good time to hit that download-and-install button. Detailed exploit code for the vulnerability — discovered during HD Moore’s MOBB (month of browser bugs) project and fixed on Patch Tuesday in February — has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.
The exploit code takes aim at a remote code execution flaw in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects. This is distributed in MDAC (Microsoft Data Access Components). (more…)
No Comments
