Update: Microsoft falls through XML flaw

Microsoft is investigating reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control

Security experts at Symantec issued a warning yesterday about an exploit spotted in the wild for an as yet unpatched vulnerability in Microsoft's XML core services.

Virus analyst Eric Chien warned that all supported versions of Internet Explorer, including IE7, make use of this functionality and are likely to be possible vectors of attack.

Microsoft issued a statement on Friday saying that it was investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control. The company is "aware of limited attacks attempting to use the reported vulnerability".

"While the exploit has been spotted in the wild, it has only been seen on a single website and Symantec has no confirmed infection reports from customers. Nevertheless, as always, be cautious when surfing the web," said Chien.

Symantec has already released a signature, Bloodhound.Exploit.96, to catch this exploit.

Microsoft said that an attacker would have to host a website that contains a page used to exploit this vulnerability, largely through persuading victims to visit the site.

An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

Users whose accounts are configured to have fewer user rights on the system should therefore be less affected than users who operate with administrative rights.

• Microsoft Security Advisory (927892)