Wednesday, 07 January 2009
Home arrow Advertises arrow Vulnerabilities arrow Second hole in IE also being actively exploited
Security software
Anti spam tools
Anti spyware tools
Antivirus
Backup
Encryption
Firewall
Free software
Passwords managers
Popup ad blockers
Other
Other
Submit software
Security news
Security information
Contact us


RSS
Security software
Security software


Security software reviews
Newzsearch
Affiliate Programs
Hand guns
Criminal Defense Lawyer


Second hole in IE also being actively exploited
Thursday, 28 September 2006
Microsoft has just released its unscheduled patch to close the VML hole in Internet Explorer, and already there's a major problem with a second still open hole. It is related to a problem in the daxctle.ocx multimedia control for DirectAnimation, first reported two weeks ago. Beyond a proof-of-concept exploit that only functioned on Chinese Windows 2000 computers with certain preconditions, no other code had been publicly sighted capable of exploiting that hole, through which rigged websites could smuggle malware onto visitors' PCs. Secunia, a security service provider, stood alone in its claims of having developed an exploit in its labs capable of infecting completely patched Windows XP SP2 machines.

Sunbelt Software, an American manufacturer of security software, reports that this situation has now changed. As with the VML hole, websites are appearing on the net that can plant and launch the malicious code on Windows XP SP2 computers. Beyond calling up the site, no user interaction is required. Several greeting cards are also making the rounds on the net, in an attempt to lure users into visiting tainted websites, or simply redirecting them there. One page, identified by Sunbelt, redirects users from a porno site into areas of the net in which the VML exploit was also first discovered.

The new exploit uploads a forged version of the file svchost.exe onto the computer. A backdoor (%system%hehesox.dll) also receives commands from the outside. Until patches are released, the only remedy is either, to completely deactivate ActiveX, or to individually turn off the affected controls. This is handled through what are known as kill bits. The heise Security Browsercheck shows how to set Internet Explorer to run more safely. Microsoft has published an advisory with specifics about the hole.
 
< Prev   Next >
[ Back ]
Security articles
  • Rootkits the new weapon for cyber criminals (q)
  • Sniffing (q)
  • Definition: PGP (q)
  • Cryptanalysis (q)
  • Backup Hints (q)
    • © 2004-2007 Daita.org