Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28525
  • Total Topics: 8240
  • Online Today: 825
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Unpatched Microsoft Flaw Leaves IE6 at Risk  (Read 1407 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Unpatched Microsoft Flaw Leaves IE6 at Risk
« on: 04. August 2008., 17:03:35 »


A vulnerability in as-yet unpatched Microsoft software poses a more severe threat to Internet Explorer 6 users than those on the next version of the browser, security vendor Symantec has warned.

The flaw in Microsoft's Access database software came to light just as Microsoft issued its patches for the month on July 8. The problem is within the Snapshot Viewer ActiveX control, which allows someone to see an Access report without launching the software.

Attackers are actively exploiting the vulnerability by either creating Web pages or hacking existing Web pages to host the attack. The hackers lure people to the pages through spam or an instant message.

Internet Explorer 7 will prompt users before downloading a particular ActiveX control for the first time. But Internet Explorer 6 will automatically download the control since it is digitally signed by Microsoft, Symantec said in its advisory.

Once the ActiveX control is downloaded, the flaw can allow the attacker to take over a PC.

Symantec advises administrators to set three "kill bits" for the ActiveX control, a Microsoft workaround for preventing an ActiveX control from running in Internet Explorer.

Microsoft has so far not said when it plans to release a fix. The company's next patching round is scheduled for Aug. 12.

Symantec said last month that crimeware authors had included an exploit for the Snapshot viewer vulnerability in Neosploit, a toolkit that lets hackers run a handful of exploits on a PC to see if it has an unpatched vulnerability.

However last week it appeared the cybercriminals who created Neosploit had stopped selling it, perhaps because it's price -- ranging up to US$3,000 -- was too high, and demand was declining.

News Source: PC World

Samker's Computer Forum - SCforum.info

Unpatched Microsoft Flaw Leaves IE6 at Risk
« on: 04. August 2008., 17:03:35 »




 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising