Attackers end-run around IE security
,----[ Quote ]
| The vulnerability underscores that the improvements in security in the
| latest version of Microsoft's browser, Internet Explorer 7, do not
| eliminate the threats of older components of Windows, said Gunter
| Ollmann, director of IBM Internet Security Systems' X-Force
| vulnerability research team.
|
| [...]
|
| Online criminals frequently use flaws in ActiveX to install malicious
| code on victims' PCs via their browsers. One tool - known as WebAttacker
| and sold from a Russian website for about $20 - has had great success
| in compromising the security of victims' computers.
`----
http://www.theregister.co.uk/2006/11/08/ie_security_analysis/
http://www.securityfocus.com/news/11422?ref=rss
Interesting points to ponder. Prelude to vulnerabilities onslaught? A few
holes could start the creation of derivative exploits? Firefox, Opera,
Safari and Konqueror do not have ActiveX controls. The /user/ is in control.
|
|
