[ news_security_news ]
ActiveX Poses New Problem For IE
David Utter
Staff Writer
2006-07-06
 Insider Reports RSS Feed
A highly critical vulnerability in the Internet Explorer browser's HTML Help could be exploited to gain remote system access on a machine.
An advisory posted by Secunia's tracking service noted the latest problem to bedevil Internet Explorer users.
A memory corruption condition could be a problem for IE users, should it be exploited. The flaw could permit the execution of arbitrary code on a system.
"The vulnerability is caused due to an error in the HTML Help ActiveX control (hhctrl.ocx) when handling the "Image" property," Secunia noted in its advisory.
"This can be exploited to cause a memory corruption by setting an overly long string multiple times for the property."
The problem has been confirmed on a fully patched system with all patches in place for Windows XP SP2, running Internet Explorer 6.0.
An advisory from Microsoft is not currently available. Secunia recommends disabling the "Run ActiveX controls and plug-ins" setting for all but trusted sites until the issue has been corrected.
Issues like these have been a nigh-regular occurrence in IE. And the potential for a crippling wave of Trojan horse attacks on Windows platforms have become so great, one security company recommended that home users should consider a Mac for their computing needs.
For those who want to or need to stay in Windows, freely available browser options from Opera and Firefox are available for consideration.
---
Tags: IE, ActiveX
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
