Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability

Symantec has received reports that this issue is being actively exploited in the wild.

Exploits are publicly available. Note that these exploits have been observed to crash vulnerable versions of Internet Explorer, but Symantec has not completely verified them.

Use caution when handling these exploits. Test them only in isolated environments because they may be malicious.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following commercial exploit is available through Immunity CANVAS Early Updates:
https://www.immunityinc.com/downloads/immpartners/msparsing_xml.tar.gz


 

Privacy Statement
Copyright 2010, SecurityFocus