Public exploits available
A vulnerability exists in the XMLHTTP ActiveX control within Microsoft XML Core Services that could allow for remote code execution.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.
An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited that page or clicked a link in an e-mail message. This component has a function that can be invoked with particular parameters that results in memory corruption leading to remote code execution.
No known false positives at this time.
Prevent the XMLHTTP 4.0 and XMLHTTP 6.0 ActiveX Controls from running in Internet Explorer.