ActiveX Controls Still Vulnerable After Four Years


Activity spotted by an eWeek reporter on at least two "gray hat" vulnerability research sites appears to indicate that an exploit for a weakness in one of Microsoft's Multimedia ActiveX controls discovered last June may still be feasible, even after four years of patches.

The fact that this set of controls, which was last used in Internet Explorer 5.0 and is still installed on many systems, could be so easily exploited to trigger heap overflows, has been a published fact since at least 2003. BetaNews | ActiveX Controls Still Vulnerable After Four Years

Linked by shanmuga Saturday, 16th September 2006 7:57AM