ActiveX Controls Out of Control
,----[ Quote ]
| The federal agency's warning to disable all Internet Explorer ActiveX
| controls might as well be a recommendation to use Firefox—or Opera or Safari.
| Hey, AOL, are you sure about pulling the plug on Netscape?
`----
http://www.microsoft-watch.com/content/security/activex_controls_out_of_control.html?kc=MWRSS02129TX1K0000535
Related:
The feds weigh in on Windows security
,----[ Quote ]
| "The benefits of this move are enormous: Common, secure configurations
| can help slow botnet spreading, can radically reduce delays in patching,
| can stop many attacks directly, and organizations that have made the
| move report that it actually saves money rather than costs money,"
| Paller wrote.
`----
http://news.zdnet.com/2100-1009_22-6172158.html
Yahoo IM affected by ActiveX vulnerabilities
,----[ Quote ]
| On the heels of ActiveX vulnerabilities in the image uploading tools for
| Facebook and MySpace.com, researchers warned Monday that Yahoo Instant
| Messenger and Yahoo Messenger are vulnerable to ActiveX-based attacks.
`----
http://www.news.com/8301-10789_3-9864333-57.html?part=rss&subj=news&tag=2547-1_3-0-20
Exploit for 'extremely critical' Yahoo Jukebox vuln goes wild
http://www.theregister.co.uk/2008/02/05/yahoo_jukebox_vuln/
'Highly critical' security bug bites HP Virtual Rooms
,----[ Quote ]
| The vulnerability in HP Virtual Rooms resides in the ActiveX client used to
| install the service on users' PCs, according to this advisory posted Tuesday
| on the Full-Disclosure mail list. Vulnerability tracking service Secunia
| rates it "highly critical," because it can be used by attackers to compromise
| a user's machine.
`----
http://www.theregister.co.uk/2008/01/22/hp_virtual_rooms_security_bug/
'Bricking' bug threatens most HP, Compaq laptops
,----[ Quote ]
| In a post to the milw0rm.com Web site Wednesday, a Polish security researcher
| who used the alias "porkythepig" spelled out a pair of vulnerabilities in an
| ActiveX control used by HP's Software Update, the patch management program
| bundled with virtually every HP- and Compaq-branded laptop.
`----
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053818&intsrc=hm_list
Rogue ActiveX controls menace users
,----[ Quote ]
| Flaws in ActiveX controls are being increasingly used to run security
| exploits.
|
| [...]
|
| "An attack exploiting this vulnerability can lead to arbitrary code execution
| by a remote attacker," a blog posting by Symantec researcher Parveen
| Vashishtha warns.
`----
http://www.theregister.co.uk/2007/10/24/activex_vulns/
RealPlayer Attack Circulating
,----[ Quote ]
| The attack exploits a flaw in an ActiveX browser helper object, software that
| RealPlayer employs to help users who are experiencing technical difficulties,
| so the PC must be using the Internet Explorer browser to be affected by this
| particular attack, Symantec said.
`----
http://news.yahoo.com/s/pcworld/20071020/tc_pcworld/138706
Yahoo! battered by second ActiveX vulnerability
,----[ Quote ]
| The vulnerabilities affect versions of Yahoo! Messenger 8.x prior to version
| 8.1.0.419, released late last week. Users are urged to upgrade.
`----
http://www.theregister.co.uk/2007/09/03/yahoo_activex_vuln/
Way Too ActiveX
,----[ Quote ]
| Today, over at Symantec's Security Response Weblog, Greg Ahmad
| reveals startling--and I do mean shocking--increases in ActiveX
| vulnerabilities. According to Symantec, ActiveX vulnerabilities
| stayed in the 12- to 15-a-year range from 2002 to 2005. For
| 2006, the number of vulnerabilities "reached 50," with 42 in
| the second half of the year--coincidentally, the same time
| period Microsoft finished up and released Internet Explorer 7.
`----
http://www.microsoft-watch.com/content/security/way_too_activex.html?kc=MWRSS02129TX1K0000535
http://tinyurl.com/33cfno
Acer puts Active X hole on laptops
,----[ Quote ]
| Laptop outfit Acer seems to have placed an Active X control on its
| computers that seems to allow webpages to execute any program.
|
| This huge hole in network security has been installed on board Acer
| laptops since 1998.
`----
http://www.theinquirer.net/default.aspx?article=36773
Adobe Confirms 'Critical' Reader, Acrobat Exploits With IE
,----[ Quote ]
| A critical security vulnerability in an ActiveX control used by
| Internet Explorer could allow malicious hackers to use Adobe's
| Reader and Acrobat software to launch PC hijack attacks,
| according to a warning from Adobe Systems.
`----
http://www.pcmag.com/article2/0,1895,2066079,00.asp
Month of ActiveX bugs project begins with two Office flaws
,----[ Quote ]
| A hacker known as shinnai kicked off his "Month of ActiveX Bugs"
| (MoAxB) project with a bang by exposing a number of severe
| vulnerabilities affecting OCX controls in Microsoft Office.
`----
http://scmagazine.com/us/news/article/654659/month-activex-bugs-project-begins-two-office-flaws/