Microsoft has confirmed a new unpatched vulnerability in Internet Explorer and has promised to fix the problem in the next monthly Windows update rollout (Oct 10th). In the security advisory, Microsoft admits that an ActiveX control, “WebViewFolderIcon” (also known as “Web View”), exposes a vulnerability in the Windows Shell which attackers can use to hijack computers.
Windows allows you to view your computer's folders in a “web view”, complete with thumbnails of files, and this functionality has the reported vulnerability. The exploit can be delivered remotely: when a user visits a malicious website, Internet Explorer loads the exploit, which in turn infects the Windows Shell.
This bug was first discovered in July of this year, and all currently supported versions of Windows are affected by this exploit, including Win 2000, XP (both SP1 and SP2) and Windows Server. The security advisory explains how you can disable the vulnerable ActiveX component via a registry change.
Antivirus vendors are reporting that this exploit is out in the wild. Companies like F-Secure Antivirus are detecting this exploit as “Exploit.HTML.IESlice.c”, which is sometimes hidden using JavaScript obfuscators that F-Secure detects as “Trojan-Downloader.JS.Agent.ab” or similar. In the end, users who are exploited through this vulnerability will end up downloading files with names like “loaderadv499_3.exe”, which is detected by F-Secure as “Trojan-Downloader.Win32.Small.dib”.
