An exploit has been spotted in the wild foran unpatched vulnerability in the Microsoft XML core services, whichallow developers to create XML-enabled applications. All supportedversions of Internet Explorer (including IE7) make use of thisfunctionality and are likely to be possible vectors of attack.
While the exploit has been spotted in the wild, it has only beenseen on a single Web site and Symantec has no confirmed infectionreports from customers. Nevertheless, as always, be cautious whensurfing the Web.
Update Nov. 8, 2006: A publicly available copy ofthe exploit code has been published. Users who have not already done soare recommended to view the Microsoft Security Advisory and follow thesuggested workarounds if applicable. Symantec will continue to monitorfor active exploitation of this vulnerability.