Websense released some more information about their investigation in some website exploitation that involves IFRAMEs and WMF vulnerability. My fellow handler Lorna said recently, "IFrames are always suspect in my eyes." In light of this information, I have to agree with her. Take a look at Websense Security Labs website for details of their investigation including a nice movie file showing the exploitation at work.
As a side note, I am quite thankful that most university and K-12 schools are still on holiday until next week. This will hopefully give enough lead time for the mass media to report on this issue, and maybe, just maybe, Microsoft will have a better solution for the home users and our student populations. *crossing his fingers that MS will release a preliminary update quickly*
One reader send us the following summary, which pretty nicely outlines the issues with this vulnerability:
Handler on Duty
Dec 30th 2005
1 decade ago