Video Screencast Help
Security Response

New Vulnerability Affecting Internet Explorer

Created: 06 Nov 2006 08:00:00 GMT • Updated: 23 Jan 2014 18:55:34 GMT
Eric Chien's picture
0 0 Votes
Login to vote

An exploit has been spotted in the wild foran unpatched vulnerability in the Microsoft XML core services, whichallow developers to create XML-enabled applications. All supportedversions of Internet Explorer (including IE7) make use of thisfunctionality and are likely to be possible vectors of attack.

While the exploit has been spotted in the wild, it has only beenseen on a single Web site and Symantec has no confirmed infectionreports from customers. Nevertheless, as always, be cautious whensurfing the Web.

Symantec has already released a signature, Bloodhound.Exploit.96, to catch this exploit. More information about the vulnerability can be found in the Microsoft Security Advisory (927892).

Update Nov. 8, 2006: A publicly available copy ofthe exploit code has been published. Users who have not already done soare recommended to view the Microsoft Security Advisory and follow thesuggested workarounds if applicable. Symantec will continue to monitorfor active exploitation of this vulnerability.