Earlier this week, Microsoft had issued a security advisory warning users of Internet Explorer 6 and 7 about the presence of an unpatched vulnerability. Since, then the situation has rapidly deteriorated for Microsoft. Multiple security product vendors including Symantec and McAfee have already confirmed that the vulnerability is being exploited by hackers to attack unsuspecting users. Now, PCWorld is reporting that the exploit code has been published on the web.
The vulnerability, which has been rated by Secunia as “Extremely critical”, permits the execution of arbitrary code that can result in a compromised system. The exploit code was published by Israeli researcher Moshe Ben Abu, who used a clue present in a blog post by McAfee to obtain an in-the-wild exploit.
The critical nature of the vulnerability combined with the publication of exploit code makes the situation precarious for Internet Explorer 6 and 7 users. Most experts believe that Microsoft will try to patch the vulnerability as soon as possible. However, until a patch is released, users are advised to use an alternate browser or apply the workarounds suggested by Microsoft.