
Websense Security Lab

Posted on 26 March 2007

Full exploit code was published this morning for MDAC vulnerability MS07-009. The original demonstration of this vulnerability occurred on July 29, 2006 in HD Moore's Month of Browser Bugs #29. At the time, only a denial-of-service demonstration was published.

http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html

Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability. This type of vulnerability has been very popular in malicious attacks in the past, and we expect its use to increase substantially now that exploit code is publicly available.

On February 13, 2007, Microsoft® released patch MS07-009 to address this vulnerability. We recommend that you apply this patch immediately, if you have not yet done so. See the Microsoft Security Bulletin at:

http://www.microsoft.com/technet/security/bulletin/ms07-009.mspx

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=758

 
