Another IE 6.0 vulnerability emerges
Posted on 5 Jul 2006 at 10:47
Another problem has surfaced with Internet Explorer. A proof of concept code has revealed that the Microsoft browser is open to attack through ActiveX, Microsoft's built in programming interface on Internet Explorer. Security firm Secunia rates the vulnerability as 'highly critical'.
According to Secunia, the vulnerability is due to an error in the HTML Help ActiveX control (hhctrl.ocx) when handling the 'Image' property. This can be exploited to cause a memory corruption by setting an overly long string multiple times for the property with the end result that a hacker may be able to take control of the machine.
The security firm says that the vulnerability has been confirmed on a fully patched system running Windows XP SP2 with Internet Explorer 6.0. Other versions of Windows running with different browsers such as the current beta Internet Explorer 7.0 may also be affected. Firefox, which does not support ActiveX, is unaffected.
The advice given to users wishing to guard against the latest exploit is to disable the 'Run ActiveX controls and plug-ins' setting for all but trusted sites - which is probably good advice in any case.
Author: Steve Malone
advertisement
- Photoshop Mobile on Android review: first look
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
Printed from www.pcpro.co.uk

