Exploit Published For Gaping (Patched) IE Hole
March 27, 2007 by Jason
If you haven’t applied the “critical” patch in Microsoft’s MS07-009 bulletin, now might be a good time to hit that download-and-install button. Detailed exploit code for the vulnerability — discovered during HD Moore’s MOBB (month of browser bugs) project and fixed on Patch Tuesday in February — has surfaced on the Internet, offering malware authors step-by-step instructions on how to launch PC takeover attacks.
The exploit code takes aim at a remote code execution flaw in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects. This is distributed in MDAC (Microsoft Data Access Components). Read More»
