Spotlightingnews

Symantec Releases Signature for Microsoft XML Flaw

Symantec's Bloodhound.Exploit.96 signature is successful in catching the XML exploit in Microsoft's IE.

Symantec released a signature catching the exploit, after having previously announced that a flaw in Microsoft's XML core could make all Internet Explorer versions, including IE7, targets for malicious attacks, as Microsoft has not yet issued a patch for the vulnerability.

Microsoft said that it is looking into XMLHTTP 4.0 ActiveX Control, looking for the mentioned vulnerability, stating it has come to its knowledge that attacks based on the vulnerability did occur.

In order to take advantage of Microsoft's XML flaw, one would have to host a website that exploit the flaw. Given some luck in luring victims to the website, the attacker could then obtain user rights identical to those of the logged user in the visitors PC.

The Restricted sites options prevents Active Scripting while reading HTML e-mail inbox messages, but provided one clicks the link, they could however be subject to an attack, if the landing page was designed for taking advantage of this particular XML flaw.

Windows Server 2003 users have the advantage that IE runs in restricted mode (Enhanced Security Configuration), in which ActiveX and Active Scripting are disabled by default.