Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Exploit Circulating For 'Critical' ActiveX Microsoft Bug
The vulnerability causes memory corruption and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code.
March 27, 2007
1 Min Read
Full exploit code has been published for a "critical" bug in an ActiveX control that could crash Internet Explorer or give a hacker remote control of the infected machine.
Both U.S.-Cert and WebSense issued alerts that the exploit is circulating for the Microsoft ADODB.Connection ActiveX Control. The vulnerability, according to U.S.-Cert analysts, causes memory corruption, and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code.
Users who have updated their Microsoft patches should be safe, since the company released patch MS07-009 to address this vulnerability on Feb. 13.
"Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability," wrote WebSense analysts in the online alert. "This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially, now that the exploit code is publicly available."
In February, Microsoft recommended users download the fix for the critical bug immediately.
The ActiveX control is used in Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003, and Microsoft Windows Server 2003 for Itanium-based Systems.
Microsoft users can go to this Web site to download the patch.
You May Also Like
Five Advantages of Fortinet Data Center Firewalls
10 Considerations to Building Hybrid Mesh Firewall
Keeping Hackers Off Every Edge
A revolution in healthcare IT service management: How automation is driving improvements in a complex environment
Edge Computing 101 Practical Insight for IT and Ops Leaders