|
From CNET News.com: Cybercriminals are exploiting a critical hole in Internet Explorer 7 that was patched a week ago by Microsoft, security firm Trend Micro warned on Tuesday. The malicious code, which Trend Micro named "XML_DLOADR.A," is hidden in a Word document. On unpatched systems, when the file is opened an ActiveX object automatically accesses a Web site to open a backdoor that installs a .DLL (dynamic link library) file that can steal information, according to a Trend Micro blog entry. The code sends stolen data to another Web address via port 443, Trend Micro said. As a result of the back door, "anybody can run commands on the affected system," said Jamz Yaneza, a senior threat analyst and researcher at Trend Micro. Microsoft released a security patch for the vulnerability, and others, a week ago. The vulnerability arises from the browser's improper handling of errors when attempting to access deleted objects. View: Article @ Source Site |
 |
New exploit targets IE 7 hole patched last week
© Since 2005 APH Networks Inc. All trademarks mentioned are the property of their respective owners.