Jelmer wrote:
thats this issue :
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-09/0654.html
Unfortunatly I imagine it's being used pretty heavily to install malware since I had some run ins with it myself just browsing some sites
For the past several weeks, I've seen several new web sites a day attempting to exploit either the HTA or ADODB vulnerability to execute code on visiting clients. Some are just messing with IE favorites. Others are scraping email addresses and downloading executables. Some of those executables are known malware, usually remote control trojans, that are detected by AV software. Some are not detected. I'd imagine that Carnegie Mellon's CERT, DShield, and other central monitoring organizations would have more enlightening statistics on the size of this problem.
-- Gary Flynn Security Engineer - Technical Services James Madison University