Attackers ramp up zero-day ActiveX exploits

By

Roughly one month after Microsoft disclosed that attackers were exploiting a zero-day Active X vulnerability, the attacks are multiplying; but mostly in China.

Attackers ramp up zero-day ActiveX exploits
Attacks taking advantage of a zero-day vulnerability in a Microsoft Active X control are increasing in prevalence, nearly a month since the flaw and ensuing exploit code first was announced.

The bug, which enables an attacker to gain privileges of a logged-on user to launch remote code, affects the ActiveX control for the Snapshot Viewer in Office Access 2000, 2002 and 2003, Microsoft has said.

"We've been closely monitoring this exploit since its release, and are now tracking several hundred occurrences in the wild, found mostly in China," according to a Websense Security Labs blog entry.

"There is currently no patch available, but Microsoft has several workarounds listed in their advisory."

Exploit code was posted to the exploit database Milworm on July 24, according to Websense.

Microsoft, in its advisory, suggests a number of workarounds, including disabling Active Scripting, allowing only trusted sites to run ActiveX controls and Active Scripting, and preventing component object model (COM) objects from running in Internet Explorer.

The threat is further mitigated by the fact that the vulnerable ActiveX control "does not appear in a default Microsoft Windows installation," Websense said in its blog.

Microsoft is scheduled to release its August patches a week from Tuesday, but it is uknown whether a fix for this vulnerability will be included.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?