Porn Sites Exploit New Internet Explorer Flaw - Patch Due Oct 10

Microsoft has confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML) Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user’s system. Microsoft is aware that this vulnerability is being actively exploited.

A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility Microsoft’s goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs.

Microsoft Security Advisory - Vulnerability in Vector Markup Language Could Allow Remote Code Execution

The problem, which a affects graphics code called Vector Markup Language, was discovered by the American company Sunbelt Security.

Researchers at the company found pornographic websites that were exploiting the vulnerability to install programmes known as spyware, which can harvest personal details such as banking passwords and credit card numbers from affected computers.

Hackers could also take control of a computer and use it to send out spam e-mails or to mount attacks on other websites. Users may be unaware of the intruder within their PC, although affected machines will usually run more slowly than usual and may crash unexpectedly.

Times Online - Porn sites exploit new Internet Explorer flaw