Websense Security Lab
Posted on 26 March 2007
Full exploit code was published this morning for MDAC vulnerability MS07-009. The original demonstration of this vulnerability occurred on July 29, 2006 in HD Moore's Month of Browser Bugs #29. At the time, only a denial-of-service demonstration was published.
http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html
Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability. This type of vulnerability has been very popular in malicious attacks in the past, and we expect its use to increase substantially now that exploit code is publicly available.
On February 13, 2007, Microsoft® released patch MS07-009 to address this vulnerability. We recommend that you apply this patch immediately, if you have not yet done so. See the Microsoft Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/ms07-009.mspx
For additional details and information on how to detect and prevent this type of attack, see:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=758