Computer code that could be used to hijack Windows PCs via a yet-to-be-patched Internet Explorer flaw has been posted on the Net, experts have warned.
The code was published on public Web sites, where it is accessible to miscreants who might use it to craft attacks on vulnerable Windows computers. Microsoft is investigating the issue, the company representative said in a statement Thursday.
“Microsoft’s initial investigation reveals that this exploit code could allow an attacker to execute memory corruption,” the representative said. As a workaround to protect against potential attacks, Microsoft suggests Windows users disable ActiveX and active scripting controls.
The flaw is due to an error in an ActiveX control related to multimedia features and could be exploited by viewing a rigged Web page, Symantec said in an alert sent to users of its DeepSight security intelligence service Thursday. An attacker could commandeer a Windows PC or cause IE to crash, the security company said.
IE versions 5.01 and 6 on all current versions of Windows are affected, the French Security Incident Response Team, or FrSIRT, a security-monitoring company, said in an alert Wednesday.
The warning of the new flaw comes only days after Microsoft released its September patches. On Tuesday it released three updates, two for Windows and one for Office. The software maker also released a third version of an Internet Explorer fix after it botched the first two versions of the patch.
In recent months, word of new attacks has repeatedly followed shortly after “Patch Tuesday.” Some experts believe the timing of the new attack is no coincidence, suggesting that attackers look to take advantage of a full month before Microsoft is scheduled to release its next bunch of fixes.
It’s worth noting that after a hailstorm of patches yesterday by Microsoft, the daxctle.ocx vulnerability was not patched.
We have observed this exploit in action in the wild. However, it is not widely used (the two sites we saw it on are now dead) and it is a pretty crappy exploit (meaning, it doesn’t work all that well).
Nevertheless, it is an exploit, it has been observed in the wild, and it’s not patched.
Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID: {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6} More information about how to set the kill bit is available in Microsoft Support Document 240797. More at CERT.
How big a microscope are they using to try to find something anything ???
Would any of us withstand that kind of an inspection?
It’s almost as though IE where running for office and in order for the opposition
to win, they must find some dirt. Any dirt. Please there has to be something bad I can report… ;D ;D ;D