Security 10748 Published by

Computerworld reports that an exploit for an unpatched vulnerability in the Microsoft XML Core Services has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.



An exploit for an unpatched vulnerability in the Microsoft XML Core Services (MSXML) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.

The security flaw is identified as CVE-2012-1889 and is what security researchers call a zero-day vulnerability -- an actively exploited vulnerability for which an official patch doesn't yet exist.
  Web attack toolkit exploits unpatched Microsoft XML flaw