The unpatched CreateTextRange vulnerability in Internet Explorer is already being used by at least one Web site to install on users’ machines, a organization said Friday.

“We just received a report that a particular site uses the vulnerability to install a spybot variant,” the SANS Institute’s Internet Storm Center (ISC) warned Friday in an alert. “It is a minor site with insignificant visitor numbers according to Netcraft’s ‘Site rank.’”

Read full story