ActiveX/IE/IIS Bug Allows System Takeover
Source: Tom's Hardware
According to a security bulletin issued on 20 November 2002 by Microsoft, a critical buffer overflow vulnerability in an ActiveX control allows Windows 95, 98, Me, 2000, and NT systems to be taken over by a hostile Web page or e-mail message. The problem, discovered by Foundstone Research Labs, affects both client and server machines. The buffer overflow is present in versions 2.6 and earlier of the Microsoft Data Access Control (MDAC), which is installed on virtually all Windows systems prior to XP. It's also present in Internet Explorer 5 and 6.
The bug is rendered more serious by two technical glitches. First, even after the patch has been installed, it can be undone by a malicious Web page or e-mail message containing code that overwrites the patched version of the control with the older one. (The original control is digitally signed by Microsoft, so if your system is configured to trust Microsoft products it will willingly download and install it.)
More at ExtremeTech