SANS: ActiveX Kill Bit Can Be Bypassed?


ISC reader Juha-Matti Laurio pointed out a new vulnerability note VU#998297, published by US-CERT on January 26, 2006, which states that a malicious website can bypass an ActiveX kill bit by taking advantage of a bug in Internet Explorer.

A kill bit is a registry setting that prevents Internet Explorer from running the corresponding ActiveX control even if the control is installed on the system. It is not uncommon to proactively set kill bits for known malicious ActiveX controls as part of a spyware-prevention effort. For example, the SpywareGuide website provides a freely downloadable .REG file for setting kill bits of many "dubious" ActiveX controls. SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System

Linked by shanmuga Saturday, 28th January 2006 11:20PM