Controversial Windows XP vulnerability now being exploited

From InfoWorld: The Windows XP exploit that was published by a Google engineer last week is now being exploited in the wild, according to researchers at Sophos Labs.

The vulnerability, which could allow remote code execution if a user views a specially crafted Web page using a Web browser, or clicks a specially crafted link in an e-mail message, was published by Tavis Ormandy just five days after he alerted Microsoft to the problem.

Sophos reported Tuesday that its labs received the first proactive detection on malware that is spreading via a compromised Web site. "This malware downloads and executes an additional malicious component (which will shortly be detected as Troj/Drop-FS) on the victim's computer, by exploiting this vulnerability," according to a blog post on the Sophos site.

Ormandy's publication of the vulnerability's details have been the subject of much criticism in the last week. Ormandy, who said the exploit is possible through most browsers, posted details of the vulnerability and proof-of-concept code to the Full Disclosure listserv -- only days after giving Microsoft the information.

View: Article @ Source Site