Business    Entertainment    Health    Sport    Webmaster    World    News Archive  
Search the Directory   
On Echolist On Google
 
Top >  Webmaster >  2006 >  September >  2006-09-18

New Unpatched Bug Threatens Internet Explorer


According to a recent statement by a security company, there is a circulation of exploit code for an unpatched vulnerability in Microsoft`s Internet Explorer. David Cole, director of Symantec`s security response group said: "Fully-patched Windows XP SP2 and Windows 2000 SP4 systems are open to the new attack. This is proof-of-concept code, we haven`t seen any active exploits. Whether it grows into something bigger is heavily linked to if it gets remote code execution [capabilities]".

No patch is available for the bug yet, though Microsoft is investigating the case. The new IE problem is related to an ActiveX control (Microsoft DirectAnimation Path) that is part of the "daxctle.ocx" COM object. An attacker who successfully exploited the vulnerability could hijack the computer, Microsoft said, without any interaction once a user had been enticed to a malicious Web site.

Cole said it wasn`t a shock that ActiveX continues to have issues, as "the more functionality [in code], the more likely there`s an error in it. Complexity is the enemy of security. It`s a difficult problem to solve. Developers try to balance rich functionality with security."

                                 

Related News:

 


       
      About Us | Contact Us | Link To Us
      Copyrights © 2004 - 2006 All Rights Reserved.