[LINK] yet another firefox vulnerability
Rick Welykochy
rick at praxis.com.au
Mon Sep 12 23:00:17 EST 2005
Malcolm Miles wrote:
> On Mon, 12 Sep 2005 12:28:04 +1000, you wrote:
>
>>By comparson, the latest Secunia report for MS Internet Explorer
>>allows the attacker to gain access to the complete Windows Operating
>>Environment IFF. that user visits an untrusted site that executes
>>Active-X controls.
>
>
> The Active-X object in question is shipped or installed with Windows
> oe Internet Explorer. It is installed as part of the original releases
> of Visual Studio 2002, and Access 2002. The issue was fixed in
> subsequent service packs for these products quite some time ago.
Which leaves hundreds of millions of Windows boxes vulnerable,
i.e. those that have not installed SP3, AFAIK.
Why give the illusion that the problem has been fixed? The vulnerability
was reported in August 2005. Who would haave know to somehow "fix it"
prior to then?
>>By default, most MS IE installations allow
>>execution of Active-X.
>
>
> Active-X controls can only be installed on a PC by an administrator.
> Users cannot install Active-X controls.
Unfortunately, nearly all SME and home users run their machines
as administrator.
cheers
rickw
--
_________________________________
Rick Welykochy || Praxis Services
Computing has evolved. Has Microsoft?
More information about the Link
mailing list