|
-
November 7th, 2006, 02:23 PM
#1
Registered User
Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability
Just wanted to pass this along, it can affect Windows 2000, Windows XP Service Pack 2 and Windows Server 2003. Here's a blurb from Secunia:
"Description: A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system.
The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.
NOTE: The vulnerability is already being actively exploited.
Solution: Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control (see the vendor's advisory for details)."
Fun, fun, fun.
-
November 8th, 2006, 02:59 AM
#2
Driver Terrier
here is the Microsoft response which includes scenarios on how this attack would work and how to mitigate such an attack.
Similar Threads
-
By silencio in forum Tech-To-Tech
Replies: 6
Last Post: August 20th, 2003, 02:01 PM
-
By Shairel in forum Windows XP
Replies: 3
Last Post: August 12th, 2003, 08:37 AM
-
By wannaBEnerd in forum Windows 95/98/98SE/ME
Replies: 2
Last Post: October 15th, 2001, 12:22 AM
-
By jakkwb in forum Windows 95/98/98SE/ME
Replies: 5
Last Post: May 22nd, 2001, 05:49 AM
-
By wbatten in forum Windows NT/2000
Replies: 2
Last Post: June 16th, 2000, 09:09 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
Bookmarks