Sponsored By

Exploit Circulating For 'Critical' ActiveX Microsoft Bug

The vulnerability causes memory corruption and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code.

Sharon Gaudin

March 27, 2007

1 Min Read

Full exploit code has been published for a "critical" bug in an ActiveX control that could crash Internet Explorer or give a hacker remote control of the infected machine.

Both U.S.-Cert and WebSense issued alerts that the exploit is circulating for the Microsoft ADODB.Connection ActiveX Control. The vulnerability, according to U.S.-Cert analysts, causes memory corruption, and may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or potentially execute arbitrary code.

Users who have updated their Microsoft patches should be safe, since the company released patch MS07-009 to address this vulnerability on Feb. 13.

"Our scanners are now actively searching for any live sites that are attempting to exploit this vulnerability," wrote WebSense analysts in the online alert. "This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially, now that the exploit code is publicly available."

In February, Microsoft recommended users download the fix for the critical bug immediately.

The ActiveX control is used in Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003, and Microsoft Windows Server 2003 for Itanium-based Systems.

Microsoft users can go to this Web site to download the patch.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights