The exploit purportedly leverages the vulnerability, announced Tuesday, which leaves multiple Microsoft applications including Internet Explorer vulnerable to a remote compromise via a maliciously crafted JPEG image file.
Proof-of-concept code is often created by gray-hat hackers who have no intention of using it maliciously, but is downloaded by others who have no such scruples and subsequently incorporated in automated hacking tools or worms.
A Microsoft spokesperson said Friday that the company was not aware of any attacks against its customers using the exploit in question or using the vulnerability in question, which can be patched via Windows Update.