Exploit code released for patched Microsoft Internet Explorer flaw

Hackers released exploit code on Monday for a patched Microsoft Internet Explorer (IE) flaw. The disclosure could be the catalyst for widespread attacks, according to researchers.

An unknown hacker released the exploit on the Milw0rm website on Monday — more than a month after Microsoft released a fix (MS07-009) for the flaw as part of its February Patch Tuesday distribution.

The vulnerability exists in ADODB.Connection ActiveX object and can cause memory corruption or remote attacks, according to an updated advisory from US-CERT.

The flaw can be exploited when handling the "Execute ()" method, according to a February advisory from Secunia.

Secunia created researcher Yag Kohha with reporting the flaw.

When Redmond released a patch for the IE flaw in February — during a 12-patch distribution for 20 flaws — the fix was largely overshadowed by a single patch that corrected a list of zero day exploits in Microsoft Office.

A Monday alert from Websense Security Labs credited H.D. Moore, who published a DoS demonstration, with the original exposure of the vulnerability during his Month of Browser Bugs in July.