An exploit for Internet Explorer was published online yesterday, showing signs of poor reliability. Symantec confirmed that the exploit affects Internet Explorer 6 and 7. Experts believe a fully functional version of the exploit will be made available in the coming weeks.
The exploit requires the hacker to lure the victim onto a malicious website or a compromised webpage. Whatever method is used, the attack requires javascript on Internet Explorer. Symantec found the vulnerability in Microsoft Data Access Components, which could allow a Remote Code Execution on a user"s system.
Users are cautioned to disable javascript on Internet Explorer, avoid websites they do not trust, and update their anti-virus definitions immediately. Symantec confirms that they have detected the exploit, Bloodhound.Exploit.129, rating the risk a level 1, very low.
The affected systems are currently Windows 2000, Windows Server 2003 and Windows XP.