The vulnerabilities target ActiveX plug-ins used by Microsoft's Internet Explorer to load files from third-party applications.
The exploits target popular sites such as MySpace, Facebook and Yahoo's Music Jukebox.
Two of the three vulnerabilities targeted by the exploit code lie within Music Jukebox.
Symantec reported that attackers have already begun exploiting one of the vulnerabilities in order to remotely install malware on targeted systems.
"So far the exploits used in the wild have been carbon copies of the public exploit," wrote Symantec researcher Sean Hittel on a company blog.
"I suspect that it will not take long before the exploit is wrapped in an encoder in an attempt to make detection more difficult."
Facebook and MySpace are vulnerable to the same flaw, a vulnerability in the Aurigma Image Uploader tool.
If exploited, the vulnerability could allow an attacker to remotely execute code with the permissions of the current user.
The US Computer Emergency Response Team urged users to disable ActiveX controls in Internet Explorer.
Attackers gun for new ActiveX flaws
By
Shaun Nichols
on
Feb 7, 2008 3:22PM
Exploit code has been released for three ActiveX security flaws, one of which is already being exploited in the wild.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Promoted Content
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content
Why Genworth Australia embraced low-code software development
Promoted Content
The Great Resignation has intensified insider security threats
Sponsored Whitepapers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
.jpg&h=146&w=240&c=1&s=0)
