Attack code released for IE hole
Exploit code for a new flaw in Internet Explorer could put systems at risk of remote attack, security experts warned Monday.
The exploit code, made public Monday, aims to take advantage of the “extremely critical” vulnerabilities in IE 5.5 and IE 6 running on XP Service Pack 2 (SP2), and IE 6 running on Windows 2000 SP4, security researcher Secunia said in advisory.
Once a PC user is tricked into visiting a malicious Web site, the exploit can be triggered automatically, without the user doing anything.
“An attacker could use the exploit to run any code they want to on a person’s system,” said Thomas Kristensen, Secunia’s chief technology officer. “It could be they want to launch some really nasty code on a user’s system.”
Full story: ZDNet News