The exploits for the recently detected vulnerability in Internet Explorer 7 are now available on public websites. Most malicous websites currently are hosted in china, but this is expected to change soon: Attackers can simply modify the available Proof-of-Concept (PoC) samples.

The vulnerability affects every operating system from Windows XP to Windows 2008 with IE7. Mitigating the risk is possible by activating DEP for the Internet Explorer and disabling Active Scripting / JavaScript. An update from Microsoft to solve the problem is still not available.

We detect and block the currently known exploits as EXP/XMLSPAN.A and EXP/XMLSPAN.B.

Dirk Knop
Technical Editor