ActiveX control flaw surfaces

Internet Explorer v 5.01 and 6 affected

© Michael Simpson

Sep 15, 2006

Another Zero-Day exploit hits the day after Big Tuesday.


FrSIRT (French Security Incident Response Team, a security-monitoring company) released a "critical" alert Wednesday; this is its most serious rating. The announcement concerns IE v5.01 and 6 running on current Windows operating systems.

The problem lies in an ActiveX control that handles multimedia features. When a user views a properly encoded web page, the system can be exploited through this now widely known flaw.

Unfortunately, it appears that the zero-day code that could be used to hijack Windows systems by way of this as-yet-unpatched IE flaw is already posted on the Internet. It was published in public areas of the Net, where anyone could use it.

Microsoft is suggesting that Windows users disable ActiveX and active scripting controls until they get a patch for the flaw. According to a Microsoft representative, "Microsoft's initial investigation reveals that this exploit code could allow an attacker to execute memory corruption." When Microsoft finishes its investigation, it may (or may not) issue a patch for the flaw during its monthly update process. However, Microsoft is adamant that it is unaware of any attacks that attempt to exploit the newest IE vulnerability.

