OS Windows : A new vulnerability discovered...
Sunday, 5. November 2006, 20:17:32
Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability
Secunia Advisory: SA22687
Release Date: 2006-11-04
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS:
Software: Microsoft Core XML Services (MSXML) 4.x
Description:
A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system.
The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.
NOTE: The vulnerability is already being actively exploited.
Solution:
Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control (see the vendor's advisory for details).
Go to Secunia website.
Read the whole article.
You must be logged in to write a comment. if you're not a registered member, please 
(25%)
