Exploit targets IE7 hole that was patched last week

Posted on Wednesday, Feb 18 2009 @ 20:16 CET by Thomas De Maesschalck
Security firm Trend Micro warns a new exploit is out in the wild that exploits a critical hole in Internet Explorer 7 that was patched last week by Microsoft. If you haven't updated your Windows system yet, you better do it asap.
The malicious code, which Trend Micro named "XML_DLOADR.A," is hidden in a Word document. On unpatched systems, when the file is opened an ActiveX object automatically accesses a Web site to open a backdoor that installs a .DLL (dynamic link library) file that can steal information, according to a Trend Micro blog entry. The code sends stolen data to another Web address via port 443, Trend Micro said.

As a result of the back door, "anybody can run commands on the affected system," said Jamz Yaneza, a senior threat analyst and researcher at Trend Micro.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments