An exploit has been spotted in the wild foran unpatched vulnerability in the Microsoft XML core services, whichallow developers to create XML-enabled applications. All supportedversions of Internet Explorer (including IE7) make use of thisfunctionality and are likely to be possible vectors of attack.
While the exploit has been spotted in the wild, it has only beenseen on a single Web site and Symantec has no confirmed infectionreports from customers. Nevertheless, as always, be cautious whensurfing the Web.
Symantec has already released a signature, Bloodhound.Exploit.96, to catch this exploit. More information about the vulnerability can be found in the Microsoft Security Advisory (927892).
Update Nov. 8, 2006: A...