Flaws in ActiveX controls are being increasingly used to run security exploits


Arbitrary file overwrite and deletion flaws, typically exploited through ActiveX controls, are well on the way to becoming a new class of security flaw, according to net security firm Symantec.

"These vulnerabilities exist particularly because of a registered ActiveX control failing to restrict which domains may load the control for execution. An attack exploiting this vulnerability can lead to arbitrary code execution by a remote attacker," a blog posting by Symantec researcher Parveen Vashishtha warns. Rogue ActiveX controls menace users | Channel Register

Linked by shanmuga Friday, 26th October 2007 11:58PM