New exploit targets IE 7 hole patched last week
Cybercriminals are exploiting a critical hole in Internet Explorer 7 that was patched a week ago by Microsoft, security firm Trend Micro warned on Tuesday.
The malicious code, which Trend Micro named “XML_DLOADR.A,” is hidden in a Word document. On unpatched systems, when the file is opened an ActiveX object automatically accesses a Web site to open a backdoor that installs a .DLL (dynamic link library) file that can steal information, according to a Trend Micro blog entry. The code sends stolen data to another Web address via port 443, Trend Micro said.
As a result of the back door, “anybody can run commands on the affected system,” said Jamz Yaneza, a senior threat analyst and researcher at Trend Micro.
Read more: download.com