Public exploit threatens IE

Antivirus vendor is reporting the existence of an exploit based on one of the patches issued last Tuesday by Microsoft; an exploit often preceeds the appearance of a new virus or worm. In this case, the exploit, which takes advantage of COM Object Instantiation Memory Corruption Vulnerability in IE, was originally written to exploit the HTML Elements vulnerability in IE reported by Microsoft last December within its Security Bulletin MS04-040. The HTML Elements exploit was recently updated to include vulnerabilities in the JView Profiler in IE, which Microsoft patched in Security Bulletin MS05-37. The latest version of this publicly available exploit includes a simple modification to the Class Identifier (CLSID) to take advantage of the MS05-038 flaw. Since all of these vulnerabilities affect Internet Explorer, the CNET Virus Threat Watch meter has been raised to Medium. This doesn't mean we expect to see a virus or a worm; rather you should use this opportunity to update your computer and check that your antivirus app and firewall are working properly in case a virus or a worm develops.