Earlier this month, Microsoft published KB943521. This article acknowledged that third party software had to validate URLs before passing them to Internet Explorer, as Internet Explorer will not validate them. Today, Microsoft published an update to the advisory, suggesting limited exploitation of this vulnerability.

Thanks to Chris and Gilbert to alert us of the update! Let us know if you see an exploit in the wild, or if you encounter any 3rd party applications which are not protecting Internet Explorer.

Update: unlike noted earlier, Microsoft is working on a patch for this problem. (thanks Nate for pointing this out)

Links:

www.microsoft.com/technet/security/advisory/943521.mspx

blogs.technet.com/msrc/archive/2007/10/25/ msrc-blog-october-25th-update-to-security-advisory-943521.aspx