Exploit now publicly available for unpatched IE flaw
An exploit has become publicly available for a newly disclosed critical -- and as yet unpatched -- vulnerability in Microsoft Corp.'s Internet Explorer Web browser.
The exploit has been posted on several Internet sites and gives even relatively novice hackers an easy way to take advantage of a flaw in the way IE processes information using the createTextRange () method, according to Secure Elements Inc., a Herndon, Va.-based security firm. "It's just a matter of time before the exploit gets turned into a virus or a worm" capable of creating considerable damage on unprotected systems, said Scott Carpenter, director of security labs at Secure Elements.