A copy of the exploit, which targets an unpatched vulnerability in Internet Explorer, was uploaded to Wepawet, a service for detecting and analyzing web-based malware operated by the computer security group at the University of California, Santa Barbara.
Microsoft has published an analysis of the zero-day vulnerability, determining which versions are susceptible and on which platforms. Although the vulnerability exists in Internet Explorer 6, 7, and 8, the current exploit's ability to leverage the flaw is limited.
"The attacks we have seen to date, including the exploit released publicly, only affect customers using Internet Explorer 6," said the company's researchers. Internet Explorer 7 is potentially exploitable if running on XP, Microsoft said, but the current exploit does not work due to memory layout differences in that version of the browser. In Windows Vista, Internet Explorer Protected Mode also prevents the current exploit from working. If the Data Execution Prevention (DEP) feature that shipped with XP SP 3 is enabled, Microsoft says that the exploit will not work.
Although the exploit's scope is limited, the German government has nevertheless recommended that its citizens stop using Internet Explorer and use alternative browsers until the issue is resolved. France also recently joined in, advising its citizens to abstain from using Microsoft's browser, too.
"The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," said George Kurtz, CTO of McAfee, of the attack. "The now public computer code may help cyber criminals craft attacks that use the vulnerability to compromise Windows systems."