Earlier this week, Microsoft had issued a security advisory ^[1] warning users of Internet Explorer 6 and 7 about the presence of an unpatched vulnerability. Since, then the situation has rapidly deteriorated for Microsoft. Multiple security product vendors including Symantec and McAfee ^[2] have already confirmed that the vulnerability is being exploited by hackers to attack unsuspecting users. Now, PCWorld ^[3] is reporting that the exploit code has been published on the web.

The vulnerability, which has been rated by Secunia ^[4] as “Extremely critical”, permits the execution of arbitrary code that can result in a compromised system. The exploit code was published ^[5] by Israeli researcher Moshe Ben Abu, who used a clue present in a blog post ^[6] by McAfee ^[2] to obtain an in-the-wild exploit.

The critical nature of the vulnerability combined with the publication of exploit code makes the situation precarious for Internet Explorer 6 and 7 users. Most experts believe that Microsoft will try to patch the vulnerability as soon as possible. However, until a patch is released, users are advised to use an alternate browser or apply the workarounds ^[7] suggested by Microsoft.