Microsoft/XML Core Services
Microsoft has acknowledged a string of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0. The vulnerability could allow hackers to execute their own code and assume control of the machine, once the victim receives the malware through a malicious website accessed by Internet Explorer. The vulnerability affects all supported releases of Microsoft Windows as well as all supported editions of Microsoft Office 2003 and Microsoft Office 2007.
The vulnerability is based on situations where MSXML attempts to access an object in memory that has not been initialized. This may corrupt memory, enabling attackers to execute arbitrary code in the context of the logged-on user.