diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

Internet Explorer – ActiveX vulnerable even without vulnerabilities

Aug122008

Internet Explorer – ActiveX vulnerable even without vulnerabilities

According to Symantec’s Sean Hittel, attackers have found a way to essentially serve users the vulnerability prior to exploiting it. — “Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does one exploit a vulnerability that does not exist on a system you say? Sadly, attackers have found a way to install the vulnerable Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it.”

“Once this vulnerable control is installed on the victim’s computer, it is exploited in the same way as if the control was installed all along. To top it off, this attack is carried out as a drive-by attack, so the unprotected user may never know that they were vulnerable, or had been targeted, let alone infected,” Hittel stated.

Source:→ Softpedia

Share This Story, Choose Your Platform!