Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft

Microsoft

Proof of Concept Code Published for Critical IE Vulnerability

Patch, patch, patch!

By Marius Oiaga, Technology News Editor

27th of March 2007, 10:41 GMT

Adjust text size:



Enlarge picture
Proof of Concept code has been published for a Microsoft Windows MDAC ActiveX vulnerability affecting Windows 2000 Sp4, Windows XP SP2 and Windows Server 2003. The MDAC ActiveX Vulnerability
was rated with a severity rating of Critical due to the fact that it allows for remote code execution. The original vulnerability has been disclosed back in July 29, 2006 in HD Moore's Month of Browser Bugs. However, Microsoft only issued a security patch in February 2007.

"Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability. This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially, now that exploit code is publicly available. On February 13, 2007, Microsoft released patch MS07-009 to address this vulnerability. We recommend that you apply this patch immediately, if you have not yet done so," revealed security company WebSense.

Although a patch from Microsoft is available addressing the MDAC ActiveX vulnerability, attackers will speculate unpatched operating systems. Using Internet Explorer as an attack vector, malicious software can be executed on a computer that is not up to date with the security patches delivered by Microsoft.

According to eEye Digital Security, the MDAC ActiveX vulnerability only impacts Internet Explorer 6. The latest version of Microsoft's browser, IE7 is not affected. "We've tested it against IE7 and haven't got it to work yet," explained Andre Protas, director of eEye's Preview research service.

Microsoft has not commented in any way the new turn of events, but since a security update is already in place and available for deployment it is not likely that the Redmond Company will take such a course of action.

TAGS:

 Windows MDAC ActiveX vulnerabili | Internet Explorer


Rating:
Fair (2.7/5) 4 vote(s) so far    

Read by 699 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Firefox 2.0 Flaws Outperform the Vulnerabilities in IE7

Internet Explorer 8 Unveiled in 62 Days?

Firefox Takes Another Bite Out of Internet Explorer

Mozilla Firefox 3.0 Drops This Spring

IE7, Firefox, Opera - The Browser War Is On! Vote Now!

Firefox 2.0 and IE7 Are Equally Matched in Security

Discover the Benefits of Deploying Internet Explorer 7

Internet Explorer Security Will Ultimately Fail Miserably

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive