25 Trojan exploits severe Explorer security flaw

I’ve only just talked about this bug recently, although from a somewhat different perspective.

The bug is 6-months old, having been reported by Benjamin Tobias Franz in May 2005. To date, according to ComputerTerrorism, Microsoft “has failed to publicly acknowledge the presence of the flaw, or provide any timescales for an appropriate fix.”

As described in the ComputerTerrorism advisory, the flaw allows for remote code execution on the victim’s machine, which caused it to be rightfully rated “extremely critical” by Secunia.

As probably expected, there’s finally been spotted a trojan, named Delf-DH, which uses this very bug to install on the victim’s machine. Hopefully, this development will finally prompt Microsoft into issuing a patch. Until then, Explorer users are adviced to disable Active Scripting or watch their step out there…