Microsoft Internet Explorer ActiveX Vulnerability

Microsoft Internet Explorer ActiveX Vulnerability

am 28.09.2006 04:10:13 von Imhotep

National Cyber Alert System

Cyber Security Alert SA06-270A


Microsoft Internet Explorer ActiveX Vulnerability

Original release date: September 27, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Internet Explorer


Overview

A vulnerability in ActiveX and Internet Explorer could allow an
attacker to take control of your computer.


Solution

Microsoft has not yet released an update to address this
vulnerability. Until an update is available, consider the following
best practices:

Disable ActiveX

Disabling ActiveX will prevent exploitation of this and other
ActiveX vulnerabilities. Instructions for disabling ActiveX in the
Internet Zone can be found in "Securing Your Web Browser" and
"Improve the safety of your browsing and e-mail activities."

Do not follow unsolicited links

Do not click on unsolicited URLs, including those received in
email, instant messages, web forums, or internet relay chat (IRC)
channels.


Description

An attacker could exploit a vulnerability in an ActiveX control by
convincing a user to visit a web site with Internet Explorer. The
attacker could then take any action as the user, including
installing malicious software and accessing sensitive personal
information.

For more technical information, see Vulnerability Note VU#753044.


References

Securing Your Web Browser -


Vulnerability Note VU#753044 -


Improve the safety of your browsing and e-mail activities -


Microsoft Security Essentials -


____________________________________________________________ ________

The most recent version of this document can be found at:


____________________________________________________________ ________

Feedback can be directed to US-CERT Technical Staff. Please send
email to with "SA06-270A Feedback VU#753044" in the
subject.
____________________________________________________________ ________

For instructions on subscribing to or unsubscribing from this
mailing list, visit .
____________________________________________________________ ________

Produced 2006 by US-CERT, a government organization.

Terms of use:


____________________________________________________________ ________


Revision History

September 27, 2006: Initial release