Internet Explorer ActiveX Exploit.

Thursday, 9. July 2009

Microsoft announced an ActiveX exploit in their Internet Explorer browser product on July 6, 2009. Read the Microsoft Bulletin.

The exploit allows a website to send an ActiveX control that can execute whatever evil or destructive code it wants to, with the permissions of the user doing the browsing. It does all this without the user even knowing that it is happening. THIS IS VERY BAD!

Currently, there are no patches available for this. Microsoft recommends turning off ActiveX controls on your browser.

Isn’t it ironic, that one of the things that force people to use IE on certain websites is now a 0 day exploit…

My recommendation? Use Firefox for all your web browsing…

Till the next time!

— Stu

Share