Security researcher HD Moore published a module for the Metasploit framework this week that includes exploit code for a previously unknown Windows shell vulnerability.
Microsoft warned users of the issue on Thursday in a security advisory, saying that public report have pinpointed an ActiveX component as the source of the vulnerability, but that component merely exposes the vulnerable Windows shell. The flaw affects every version of the operating system, except for default installations of Windows 2003, the company said.
Full Story