Microsoft Vulnerability Rooted in ActiveX Control

Microsoft is investigating reports of a vulnerability in a Windows ActiveX control that could allow an attacker to remotely take control of a computer, according to an advisory issued Friday. One security company rated the vulnerability critical, while Microsoft said it allows only limited attacks.

The vulnerability, which is not patched yet, affects certain versions of Windows running Microsoft XML Core Services 4.0, a set of tools that allows programmers to use scripting languages to access XML documents.

The affected versions are Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1. Microsoft Vulnerability Rooted in ActiveX Control - Security Feed - Blog - CSO Magazine

Linked by shanmuga Tuesday, 7th November 2006 7:25AM