U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA06-258A)

Microsoft Internet Explorer ActiveX Vulnerability

Original release date: September 15, 2006

Systems Affected

  • Microsoft Windows
  • Internet Explorer

Overview

A vulnerability in ActiveX and Internet Explorer could allow an attacker to take control of your computer.

Solution

Microsoft has not yet released an update to address this vulnerability. From Microsoft Security Advisory (925444):
We are currently investigating the issue to determine the appropriate course of action for customers. We will include the fix for this issue in an upcoming security bulletin.
Until an update is available, consider the following best practices.

Disable ActiveX

Disabling ActiveX will prevent exploitation of this and other ActiveX vulnerabilities. Instructions for disabling ActiveX in the Internet Zone can be found in "Securing Your Web Browser" and "4 steps to help ward off hackers and attackers."

Do not follow unsolicited links

Do not click on unsolicited URLs, including those received in email, instant messages, web forums, or internet relay chat (IRC) channels.

Description

An attacker could exploit a vulnerability in an ActiveX control by convincing a user to visit a web site with Internet Explorer. The attacker could then take any action as the user, including installing malicious software and accessing sensitive personal information.

For more technical information, see Vulnerability Note VU#377369.


References

  • Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
  • Vulnerability Note VU#377369 - <http://www.kb.cert.org/vuls/id/377369>
  • Microsoft Security Advisory (925444) - <http://www.microsoft.com/technet/security/advisory/925444.mspx>
  • 4 steps to help ward off hackers and attackers - <http://www.microsoft.com/athome/security/online/browsing_safety.mspx>
  • Microsoft Security Essentials - <http://www.microsoft.com/protect/>

  • .

    Revision History

    • September 15, 2006: Initial release, removed extra VU#377369 reference

    This product is provided subject to this Notification and this Privacy & Use policy.

    Was this document helpful?  Yes  |  Somewhat  |  No

    Back to Top