Attackers target Visual Studio flaw

Attackers are actively exploiting the Visual Studio flaw

Microsoft has issued a security warning about an unpatched vulnerability in its Visual Studio 2005 developer tool. 

Attackers are actively exploiting the flaw, which allows code execution without any user interaction. Security vendor Secunia has given the flaw its most severe security rating of 'extremely critical'.

The flaw can be exploited through a specially crafted webpage. When a user visits the site, the attacker can install and execute malware.

The vulnerability lies within a component of Microsoft's ActiveX software called WMI Object Broker Control. ActiveX is commonly used by Internet Explorer to work with data from other applications such as media players or image viewers.

Microsoft said in a security bulletin that it is investigating the issue. The company has not ruled out issuing a fix outside of its monthly patch schedule if necessary.

Microsoft said that only users who have approved the component through the ActiveX Opt-in feature will be vulnerable to the attack. The company warned users against following unsolicited or suspicious links.