“Full exploit code” has been published that would let attackers cut-and-paste their way to an effective assault on Internet Explorer installs, according to a report Monday from Websense Security Labs.
Microsoft reported Feb. 13 that the flaw – known since February to affect the ADODB.Connection ActiveX control in the Microsoft Data Access Components – would allow attackers to hijack targeted machines.
Security services providers and IT administrators who have not yet updated their IE installations can download the patch from Microsoft.
The flaw was discovered last July by Metasploit Framework creator H.D. Moore. Separatelym Moore announced Tuesday that version 3.0 of his popular penetration testing tool is now available.
The original version of this story appeared on TechTarget sister site SearchSecurity.com.