Unpatched IE Flaw Now Exploitable
Security firm published proof-of-concept code for a six-month-old unpatched IE flaw.
"Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user," according to security firm Computer Terrorism.
Johannes Ullrich of the SANS Internet Storm Center (ISC) noted that the flaw allows arbitrary executables to be run without user interaction.
Computer Terrorism's PoC demo will launch a calculator (calc.exe), though Ullrich commented that there is also a version that will allow a user to open a remote shell.
As a result of the publicly available PoC, security news aggregator Secunia has upped its assessment of the flaw to extremely critical, its highest security warning level.