Exploits for Microsoft flaws circulating

14.06.2006

According to iDefense, some form of exploit code is publicly available for the cross-domain information disclosure vulnerability described in bulletin MS06-021, the address bar spoofing flaw in MS06-021 and the Word malformed object pointer vulnerability described in MS06-027.

All three were previously known flaws and were given a severity rating of "critical" by Microsoft.

In addition, exploits have become publicly available for both of the newly disclosed Server Message Block vulnerabilities in MS06-030, according to iDefense.

The SANS Internet Storm Center this morning posted a note also listing exploits released by penetration-testing vendors to customers. One of the exploits was directed against the Windows Media Player flaw in MS06-024, while the other was targeted at the routing and remote-access vulnerability in MS06-025.

Denial-of-service attack code is also privately available for a TCP/IP flaw in MS06-032, according to SANS.