Attackers pushing ActiveX control just to exploit it
by Stephen Withers   
Friday, 08 August 2008
Symantec has warned that the bad guys have started using drive-by downloads of a genuine Microsoft software component to open a security hole for subsequent exploitation.

The item in question is the Access Snapshot Viewer ActiveX control, which is the subject of a critical update that Microsoft plans to release next week.

The control allows reports created in Access to be displayed in Internet Explorer, even if Access itself is not installed.

Since the Viewer is signed by Microsoft, a web site can install the control without the user being aware that anything is happening. The vulnerability in the Snapshot Viewer then allows remote code execution.

According to Websense Security Labs, the vulnerability is easy to exploit.

While the Snapshot Viewer is not part of a normal Windows installation, it is part of Office 2000, 2002 and 2003, which means it is widely present. But the latest development means the flaw can potentially be exploited whether or not the control is already installed.

Both Symantec and Websense recommend setting the killbit for the control as advised by Microsoft on July 7.

The downside is that this will completely prevent the use of the control - even for legitimate purposes - until the new version is installed.
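
The following is an added example, not taken from the article or from Microsoft's advisory, showing how an administrator could audit and set a killbit through Internet Explorer's "Compatibility Flags" registry value (bit 0x400). The CLSID is a placeholder and the function names are hypothetical; the real class IDs must come from the Microsoft advisory.

```powershell
# Added example: audit and set the IE killbit for one ActiveX control.
# Run from an elevated prompt; HKLM writes require administrator rights.
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating the control
$Clsid   = '{00000000-0000-0000-0000-000000000000}'   # PLACEHOLDER, not the real CLSID

function Get-KillBitPath {
    param([Parameter(Mandatory)][string]$Clsid)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        # 32-bit registry view; exists only on 64-bit Windows
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    $roots | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { Join-Path $_ $Clsid }
}

function Get-CompatFlags {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $Path -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue
    if ($prop) { [int]$prop.'Compatibility Flags' } else { 0 }
}

function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($path in Get-KillBitPath $Clsid) {
        $flags = Get-CompatFlags $path
        [pscustomobject]@{
            Path       = $path
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = ($flags -band $KillBit) -ne 0
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($path in Get-KillBitPath $Clsid) {
        if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
        # OR the bit in so any other compatibility flags already present survive
        $new = (Get-CompatFlags $path) -bor $KillBit
        Set-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' -Value $new -Type DWord
    }
}

Test-KillBit $Clsid | Format-Table -AutoSize   # audit only; call Set-KillBit to apply
```

Checking both registry views matters on 64-bit Windows, where 32-bit Internet Explorer reads the WOW6432Node copy of the key.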
