ActiveX Vulnerability Strike IE6Microsoft is detecting a flaw in IE 6. It is putting in place some security measures in the application. Customers are also being asked to beware of suspicious links. An entry in the Security Response Center blog of Microsoft informed that a flaw has been detected in the company's Internet Explorer 6. A weakness in the ADODB.Connection ActiveX control in the Explorer may lead to memory corruption and cause the browser to crash. The failing seems to have been found by an independent researcher and subsequently publicized by US-CERT and SecurityFocus. Microsoft ActiveX Data Objects (ADO) constitute a part of the Microsoft platform and permit the writing of programs for accessing data, irrespective of the database holding the information. SecurityFocus says that memory corruption in Microsoft Internet Explorer is likely to occur when a specific method is used from the 'ADODB.Connection.2.7' enabled ActiveX Object. Attackers could abuse their exploits to crash the browser and bar the service to genuine users. A serious outcome of the vulnerability could be the execution of arbitrary machine-code, though this has not been verified. The above-mentioned blog says Microsoft is aware of the Proof of Concept (POC) code posting with respect to ADODB.Connection. The Software Security Incident Response Process has been activated to investigate the problem. Once the investigation is over and the threat to customers understood, proper action would be taken to shield the application and guide customers. The task is being undertaken in partnership with MSRA (Microsoft Security Response Alliance). As an advice to customers, Microsoft proposes several workarounds such as making Explorer ask permission before the activation of ActiveX for the time being. Since many sites use such controls, requests are likely to be frequent. Related article: ActiveX Bug Surfaces in RealPlayer Media Player » SPAMfighter News - 11/4/2006 |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!