The F-Secure Weblog Reports of a new Microsoft Security Advisory (http://www.microsoft.com/technet/security/advisory/926043.mspx):
Windows allows you to view folders in a "web view", complete with thumbnails of files etc. Turns out this functionality has a vulnerability. This vulnerability can be exploited remotely via an ActiveX component in Internet Explorer. And now there's public exploit code available for this vulnerability. Over the last day or so, several malicious websites have inserted such code via IFRAMEs on their site.

You can't patch your systems, as no official patch is available. Microsoft has an advisory out, explaining how you can disable the vulnerable ActiveX component via a registry change.

We detect html files containing the exploit as "Exploit.HTML.IESlice.c". They are typically hidden with Javascript obfuscators, which we detect as "Trojan-Downloader.JS.Agent.ab" or similar. In the end, most of the exploits end up downloading binaries with names like "loaderadv499_3.exe" and so - detected by our last update as "Trojan-Downloader.Win32.Small.dib".

This thing is out there but we're really not seeing this in huge numbers.

Thanks for the heads up Randy.

No problem.

SANS - Internet Storm Center has more details here (http://isc.sans.org/diary.php?storyid=1749).

Just another good reason to use Firefox or Opera instead of IE.

Good thing I don't do that

Just another good reason to use Firefox or Opera instead of IE.

exactly rofl