A zero-day flaw in versions of Microsoft’s XML Core Services (MSXML) is being actively exploited in the wild.
The vulnerability, which was discovered by Google, exists when MSXML attempts to access an object in memory that has not been initialized, and affects all supported versions of Windows as well as Microsoft Office 2003 and 2007. In a blog post, Google Security Engineer Andrew Lyons wrote the attacks were being distributed both through malicious Web pages targeting Internet Explorer users as well as through Office documents.
If successfully exploited, the bug can be used to enable an attacker to remotely execute code. (Read More)