Microsoft: 'ActiveX error is just a mediocre error'
After US-CERT and SecurityFocus revealed a new ActiveX security flaw in the Internet Explorer 6 browser on the Microsoft Security Response Center Blog, Microsoft said it would investigate the specific vulnerability.
Yesterday, Microsoft officially revealed details about this security error.
Microsoft claims that the above ActiveX security error is absolutely not dangerous, it is just a mediocre security error that is difficult to be exploited to remotely hijack the system.
Only a few Windows versions have Microsoft XML Core Services 4.0 installed - a set of tools that allow programmers to use scripting languages to access XML-formatted documents - that ActiveX error.
Specifically, the faulty Windows versions include Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003, and Microsoft Windows Server 2003 Service Pack 1.
In order to successfully exploit this security error, an attacker must trick users into accessing a specially programmed website with code that exploits XMLHTTP 4.0 ActiveX Control error. Not only that, the attacker is forced to gain access to a system that is similar to the access that the user is using. If these conditions are met, it is possible to gain full control over the faulty system.
Microsoft claims to have had a similar XMLHTTP ActiveX Control bug discovered 5 years ago. This error was later fixed.
To protect yourself, users can disable the browser's ActiveX Control feature. However, if you disable this feature, some sites may have problems.
SANS Institute classified an error to protect newly discovered ActiveX Control in Internet Explorer 6 as a "zero-day" error. This means that this error has not been patched yet. Meanwhile, some other security firms put this error into 'extremely dangerous' level.
Hoang Dung
- Adobe Reader has a dangerous ActiveX error
- Where does the error 'Error 404' come from?
- Microsoft confirms a new bug in WMP
- Microsoft verifies 'zero-day' error in Visual Studio
- Xbox 360 hardware error caused Microsoft to lose ... 1 billion USD
- Sony, Gracenote warned about Microsoft product security errors
- 'Zero-day' security error protection procedure
- Add a deadly zero-day error in Word
- 70 software has a security error
- Microsoft was shocked again because of a new security error in IE
- 'Rain of security bugs' in ActiveX
- Acer sold the PC with a security error