All the latest UK technology news, reviews and analysis

Attackers gun for new ActiveX flaws

by Shaun Nichols

More from this author

06 Feb 2008

Be the first to comment

  • Tweet this
Hacking
Attackers are already exploiting one of the vulnerabilities to remotely install malware

Exploit code has been released for three ActiveX security flaws, one of which is already being exploited in the wild.

The vulnerabilities target ActiveX plug-ins used by Microsoft's Internet Explorer to load files from third-party applications.

Further reading

The exploits target popular sites such as MySpace, Facebook and Yahoo's Music Jukebox.

Two of the three vulnerabilities targeted by the exploit code lie within Music Jukebox.

Symantec reported that attackers have already begun exploiting one of the vulnerabilities in order to remotely install malware on targeted systems.

"So far the exploits used in the wild have been carbon copies of the public exploit," wrote Symantec researcher Sean Hittel on a company blog.

"I suspect that it will not take long before the exploit is wrapped in an encoder in an attempt to make detection more difficult."

Facebook and MySpace are vulnerable to the same flaw, a vulnerability in the Aurigma Image Uploader tool.

If exploited, the vulnerability could allow an attacker to remotely execute code with the permissions of the current user.

The US Computer Emergency Response Team urged users to disable ActiveX controls in Internet Explorer.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

phishing-credit-card

Google moves to calm fears of Wallet attacks

Related white papers

Related articles

Related jobs

Today's top stories

ACTA protests took place across the globe

EP president condemns ACTA treaty as citizens protest across the globe

Google logo

Security patches cost Google $410,000 in finder's fees

Apple iPhone 4S

Apple stocks pass $500 as firm's financial success continues

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Corporate Account Manager / Management Consultant / London 50K to 60k

/ Corporate Account Manager / Management Consultant...

Project Manager WAN SP Infrastructure M3 M4 Corridor

Prince 2 Project Management Professional, Client Facing...

solution architect

Solution Architect / Technical Project Manager / Corporate...

solution architect

Solution Architect / Technical Project Manager / Corporate...

To send to more than one email address, simply separate each address with a comma.