IE Exploit Strikes, Installs Spyware
The unpatched CreateTextRange vulnerability in Internet Explorer is already being used by at least one Web site to install spyware on users’ machines, a security organization said Friday.
“We just received a report that a particular site uses the vulnerability to install a spybot variant,” the SANS Institute’s Internet Storm Center (ISC) warned Friday in an alert. “It is a minor site with insignificant visitor numbers according to Netcraft’s ‘Site rank.’”
