Exploit Circulating For 'Critical' ActiveX Microsoft Bug - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Exploit Circulating For 'Critical' ActiveX Microsoft Bug

The vulnerability causes memory corruption and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code.

Full exploit code has been published for a "critical" bug in an ActiveX control that could crash Internet Explorer or give a hacker remote control of the infected machine.

Both U.S.-Cert and WebSense issued alerts that the exploit is circulating for the Microsoft ADODB.Connection ActiveX Control. The vulnerability, according to U.S.-Cert analysts, causes memory corruption, and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code.

Users who have updated their Microsoft patches should be safe, since the company released patch MS07-009 to address this vulnerability on Feb. 13.

"Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability," wrote WebSense analysts in the online alert. "This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially, now that the exploit code is publicly available."

In February, Microsoft recommended users download the fix for the critical bug immediately.

The ActiveX control is used in Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003, and Microsoft Windows Server 2003 for Itanium-based Systems.

Microsoft users can go to this Web site to download the patch.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll