A PDF Trojan horse is spreading malware by exploiting a URL-handling vulnerability in Windows XP and Windows Server 2003 running Internet Explorer 7, Symantec warned customers of its DeepSight Alert Services on Oct. 23.
On Oct. 10, Microsoft released Security Advisory 943521 about this vulnerability and public reports of remote code execution. At the time, it said a patch was in the works.
The vulnerability is caused by insufficient validation of URLs. Attackers can leverage the flaw to execute arbitrary commands via maliciously crafted URLs.
Symantec noted in its advisory that the issue was originally disclosed in July but initially received scant attention. In light of new research, public exploits and Microsoft’s advisory, Symantec considers the problem to be more severe.
“With the ease of exploitation, the availability of public proof-of-concept code, and further attention that this vulnerability is receiving, we will likely begin to see more exploitation of this issue in the wild,” the company, based in Cupertino, Calif., said in its advisory.