Exploits appeared within hours for two of the bugs that Microsoft Corp. fixed Tuesday. Microsoft"s June set of security updates patched 15 separate vulnerabilities, nine of them labeled "critical," the company"s most serious threat rating. Exploit code for two of the bugs -- one in Internet Explorer (IE), the other in Windows XP, Windows 2000 and Windows Server 2003 -- have been posted to the Bugtraq and Full-disclosure mailing lists by researchers.
A. Micalizzi went public with a pair of exploits -- one successful against Windows 2000, the other against Windows XP -- that leverage one of the six IE bugs patched Tuesday. A bug -- actually two because both the ActiveListen and ActiveVoice ActiveX controls are flawed -- was tagged "critical" in IE6 on Windows 2000 and Windows XP SP2, and "critical" in IE7 on both XP SP2 and Windows Vista. ActiveListen and ActiveVoice provide speech processing and text-to-speech to the browser.