Attackers dig into zero-day flaw

by admin November 7, 2006 at 11:07 am

An “extremely critical” vulnerability has been discovered in Microsoft’s XML Core Services, according to several security companies.

The vulnerability, which affects only systems running Internet Explorer, is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and could be used to seize control of an affected system, according to an advisory from Secunia, a security company based in Denmark.

IBM-owned ISS X-Force detailed on its site the kind of damage that could be caused by the vulnerability.

“This could lead to loss of confidential information, disruption of business, or further compromise,” according to the security company.

For the vulnerability to be exploited, a user would have to visit a malicious Web site, Secunia said.

Read more: ZDNet