Attackers end run around IE security


This weekend, security researchers discovered a Web site using an previously unknown, or zero day, vulnerability in a relatively unused ActiveX component of Windows to infect visitor's systems. ActiveX components act as a common way to exchange data between various components of Windows. While the flawed ActiveX component--a part of Microsoft's XML Core Services 4.0--is not shipped with Internet Explorer, attackers can use the browser to trigger the flaw and compromise any system on which the ActiveX control is installed.

The vulnerability underscores that the improvements in security in the latest version of Microsoft's browser, Internet Explorer 7, do not eliminate the threats of older components of Windows, said Gunter Ollmann, director of IBM Internet Security Systems' X-Force vulnerability research team. Attackers end-run around IE security

Linked by shanmuga Wednesday, 8th November 2006 6:06AM