Microsoft Internet Explorer ActiveX Vulnerability

Secure Home | Search | About

Lost Password?

General Computer Security

get this group's latest topics as an RSS feed

add this group's latest topics to your My MSN content

add this group's latest topics to your My Yahoo content

add this group's latest topics to your Google content

Subject	Author	Date
Microsoft Internet Explorer ActiveX Vulnerability	imhotep	09-27-2006

Posted by imhotep on September 27, 2006, 10:10 pm

If you were Registered and logged in, you could reply and use other advanced thread options

National Cyber Alert System

Cyber Security Alert SA06-270A

Microsoft Internet Explorer ActiveX Vulnerability

Original release date: September 27, 2006
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Internet Explorer

Overview

A vulnerability in ActiveX and Internet Explorer could allow an
attacker to take control of your computer.

Solution

Microsoft has not yet released an update to address this
vulnerability. Until an update is available, consider the following
best practices:

Disable ActiveX

Disabling ActiveX will prevent exploitation of this and other
ActiveX vulnerabilities. Instructions for disabling ActiveX in the
Internet Zone can be found in "Securing Your Web Browser" and
"Improve the safety of your browsing and e-mail activities."

Do not follow unsolicited links

Do not click on unsolicited URLs, including those received in
email, instant messages, web forums, or internet relay chat (IRC)
channels.

Description

An attacker could exploit a vulnerability in an ActiveX control by
convincing a user to visit a web site with Internet Explorer. The
attacker could then take any action as the user, including
installing malicious software and accessing sensitive personal
information.

For more technical information, see Vulnerability Note VU#753044.

References

Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

Vulnerability Note VU#753044 -
<http://www.kb.cert.org/vuls/id/753044>

Improve the safety of your browsing and e-mail activities -
<http://www.microsoft.com/athome/security/online/browsing_safety.mspx>

Microsoft Security Essentials - <http://www.microsoft.com/protect/>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/alerts/SA06-270A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

September 27, 2006: Initial release

Similar Threads	Posted
Re: Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability	December 15, 2005, 10:03 am
Re: Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability	May 30, 2006, 1:55 am
Re: Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability	June 2, 2006, 10:27 pm
Microsoft IIS ASP Remote Code Execution Vulnerability	July 18, 2006, 10:03 pm
Randpm Internet Explorer Pop-ups. Please help!!	April 12, 2005, 11:06 am
Random Internet Explorer Pop-ups. Please help!!	April 12, 2005, 11:06 am
Just How bad is ActiveX	October 31, 2008, 11:07 am
Best settings for ActiveX in IE ?	January 13, 2005, 10:37 am
ActiveX drive-by download Sites	December 29, 2004, 1:01 pm
Exploit released for unpatched ActiveX flaw	September 15, 2006, 5:46 pm

The site map in XML format XML site map