activex vulnerability

ZDNet Resources

• sort by:
• Relevance
• Date
• Popularity

Two ActiveX vulnerabilities make IE a toxic choice

Two ActiveX vulnerabilities make IE a toxic choiceDude, you are the man.I just posted this at Ed Botts article.http://talkback.zdnet.com/5208-12354-0.html?forumID=1&threadID=66708&messageID=1260493Next I hit HOME, and VOILA, see you have just posted what I've been complaining about. GOOD JOB !LOL, let me feed your click-bait[i]I used to be a big fan of IE,...

Tags: Web browsers, Microsoft Internet Explorer, toxic choice, ActiveX, ActiveX vulnerability, Mozilla Firefox, vulnerability

Discussion threads 2009-07-13

Additional Resources

Counting vulnerabilities is pointless

Suddenly it doesn't matter any more? Vulnerability count is an indication of software qualityIt goes directly to the process the vendor went through to root out vulnerabilities before shipping. At least if you compare products with the same general purpose and which receives the same amount of scrutiny.Time to fix...

Tags: Web browsers, Cyberthreats, Spyware, adware & malware, SECURITY, Mozilla Firefox, vulnerability, Microsoft Internet Explorer, malware, risk period

Discussion threads 2009-11-09

Google Chrome update doesn't remove older, vulnerable version

But how would an attacker cause the vulnerable code to execute?Frankly, this seems to be a minor issue. If you are launching Chrome you will launch the latest version. The older version is just cruft. I don't see any scenario where you inadvertently or an attacker can execute the older...

Tags: Microsoft Windows, Web browsers, SECURITY, IE8, Chrome, Google Chrome, Google Inc.

Discussion threads 2009-10-01

Microsoft says Google Chrome Frame doubles IE attack surface

Actually, it means that some of the browsing will be much safer by using Chrome. Notice that Microsoft's ONLY arguments here are bogus security arguments. They do not even try to deny that Chrome is much faster and better.RE: Microsoft says Google Chrome Frame doubles IE attack surfaceIf Google Chrome...

Tags: Web browsers, Google Inc., Microsoft Internet Explorer, Chrome, Microsoft Corp., Web browser, plug-in

Discussion threads 2009-09-24

Mozilla pushes out .Net incompatible Firefox 3.5

RE: Mozilla pushes out .Net incompatible Firefox 3.5Obviously this only affects Windows users, who have the totally cost-free option of creating a virtual machine running Ubuntu and using Firefox 3.5 with no need to worry about .Net.RE: Mozilla pushes out .Net incompatible Firefox 3.5So instead of running a browser that...

Tags: .NET, Web browsers, Application servers, Middleware, Microsoft .NET, Mozilla Firefox, incompatible Firefox 3.5, Firefox 3.5, Mozilla Corp., open source

Discussion threads 2009-08-17

MS Patch Tuesday: 9 bulletins, 6 rated critical

Microsoft today released six bulletins with fixes for at least nine documented security vulnerabilities in a range of products that put users at risk of malicious hacker attacks. At least two of the vulnerabilities are currently being attacked in the wild so it's imperative that Windows users...

Tags: Vulnerability, Microsoft Corp., Microsoft Windows, Security, Operating Systems, Software, Ryan Naraine

Blog posts 2009-07-14

Two ActiveX vulnerabilities make IE a toxic choice

Last week Microsoft issued a security advisory warning of an ActiveX vulnerability relating to a video control. There's no patch in sight. Today we get another advisory relating to another ActiveX control, this time used to display Excel spreadsheets. Since tomorrow is Patch Tuesday, we're not going to see a...

Tags: Vulnerability, Microsoft Internet Explorer, ActiveX, ActiveX/COM/COM+/DCOM, Security, Software Development, Software/Web Development, Adrian Kingsley-Hughes

Blog posts 2009-07-13

ImageShack hacked by anti-full disclosure movement

During the weekend, ImageShack, among the Web's top ten most popular free image hosting services got compromised, with the millions of images hosted on it redirected to a single one explaining why it was hacked. The anti-sec group responsible for the compromise describes itself as a "movement...

Tags: Web, Malware, Exploit, Zero-day Bug, Spyware, Adware & Malware, Channel Management, Cyberthreats, Security, Viruses And Worms, Marketing, Dancho Danchev

Blog posts 2009-07-13

IE users beware: Zero-day attacks hit Microsoft Video ActiveX Control

IE users beware: Zero-day attacks hit Microsoft Video ActiveX ControlZero day attacksAgain and again and again. Will Windows ever be secure? In this case apparently just moving over to Firefox would help, but that was not recommended in the article.How soon before the fake Fix-It websites spring up?MS...

Tags: Web browsers, ActiveX/COM/COM+/DCOM, Microsoft Windows Vista (Longhorn), Operating systems, Microsoft Corp., ActiveX Control, Microsoft Video, Microsoft Internet Explorer, Microsoft Windows Vista, Microsoft Windows, zero-day bug, Microsoft Video ActiveX Control, Mozi

Discussion threads 2009-07-06

IE users beware: Zero-day attacks hit Microsoft Video ActiveX Control

Malicious hackers are launching code execution exploits against new, unpatched vulnerability in the Microsoft Video ActiveX Control, the company warned in an advisory. The attacks are currently targeting users of Microsoft's Internet Explorer browser.  "An attacker who successfully exploited this vulnerability could gain the same user rights...

Tags: ActiveX Control, Microsoft Internet Explorer, Microsoft Corp., Zero-day Bug, ActiveX/COM/COM+/DCOM, Web Browsers, Software Development, Software/Web Development, Internet, Ryan Naraine

Blog posts 2009-07-06

Coming in July: Month of Twitter Bugs

A well-known security researcher plans to use the month of July to expose serious vulnerabilities in the Twitter ecosystem. The Month of Twitter Bugs, a project which launches on July 1, is the handiwork of Aviv Raff left, a researcher known for his work on Web-based security...

Tags: Vulnerability, Twitter, Aviv Raff, Web 2.0, Security, Internet, Ryan Naraine

Blog posts 2009-06-15

Steps Involved in Exploiting a Buffer Overflow Vulnerability Using a SEH Handler

This paper uses buffer overflow vulnerability in an application to overwrite the SEH handler. This paper will outline all the steps necessary to exploit such vulnerability, from detecting the point of buffer overflow in the application, to writing an exploit. The exploit uses an Activex control (XXXXX.dll) having buffer overflow...

Tags: Buffer-overflow Vulnerability, Buffer-overflow, Viruses And Worms, Security

White papers 2009-03-17

IE now uninstallable from Windows 7

IE now uninstallable from Windows 7Of course in only uninstalls iexplorer.exeThat's all IE is. They can't uninstall the mshtml control because that's not IE, that's a system component used by numerous 3rd party apps. They'd break tons of apps if they removed that.I have this option in Windows...

Tags: Web browsers, Right Now IT, sidebar, Microsoft Windows, Microsoft Internet Explorer, Microsoft Windows 7, Web browser

Discussion threads 2009-03-04

Hack Google's Native Client and get $8,192

Hack Google's Native Client and get $8,192Hack Google's Native Client and Win $$!This is without doubt why I am fond of using google products. Such a basic method of testing from "the best in the market" for a mere pittance. $ If Microsoft adopted this type of strategy we'd hardly...

Tags: Native Client, Google Inc.

Discussion threads 2009-02-28

Targeted malware attacks exploiting IE7 flaw detected

Researchers at TrendMicro have detected a targeted malware attack exploiting last week's patched critical MS09-002 vulnerability affecting Internet Explorer 7.  Upon opening the spammed Microsoft office document, vulnerable users are automatically forwarded to a Chinese live exploit site which still remains active. The attack has also been...

Tags: Trend Micro Inc., Flaw, Vulnerability, Microsoft Internet Explorer 7, Malware, Hacker, Exploit, Attack, MS09-002, Spyware, Adware & Malware, Cyberthreats, Security, Viruses And Worms, Dancho Danchev

Blog posts 2009-02-17

Inside Microsoft's February patch batch

Guest post by Eric Schultze It's a seemingly light batch of patches this month, trailing an even lighter, single patch release in January.  Two critical items were released -- including patches for Internet Explorer 7 and Microsoft Exchange Server.  Additionally, two "important" items...

Tags: Microsoft Visio, Attacker, Microsoft SQL Server, Microsoft Exchange Server, Microsoft Internet Explorer 7, Patch Management, Microsoft Corp., MS09-002, MS09-003, MS09-004, MS09-005, Patches, Servers, Security, Databases, Hardware, Enterprise Software, Software, Data Management, Ryan Naraine

Blog posts 2009-02-11

BlackBerry bitten by ActiveX control flaw

Research in Motion RIM today raised an alarm for a serious security vulnerability in the BlackBerry Application Web Loader, warning that it exposes Windows users to code execution attacks. When a BlackBerry device user browses to a web site that is designed to...

Tags: Flaw, ActiveX Control, RIM BlackBerry, ActiveX/COM/COM+/DCOM, Handhelds, Software Development, Software/Web Development, Hardware, Ryan Naraine

Blog posts 2009-02-10

Firefox joins security patch day treadmill

Firefox joins security patch day treadmillthis is the evidence that Firefox is NOT safer than IEFirefox still continues to have a lot of code execution flaws like IERE: Firefox joins security patch day treadmillI switched to Firefox a few years ago, and I will NEVER go back to IE. What...

Tags: Web browsers, Mozilla Firefox, Microsoft Internet Explorer, Web browser, security

Discussion threads 2008-12-17

Firefox tops list of 12 most vulnerable apps

Mozilla's flagship Firefox browser has earned the dubious title of the most vulnerable software program running on the Windows platform. According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008.  These flaws exposed...

Tags: Mozilla Firefox, Attacker, Vulnerability, JRE, Arbitrary Code Execution, Buffer-overflow, Security, Viruses And Worms, Ryan Naraine

Blog posts 2008-12-15

IE zero-day attack surface expands

The attack surface for password-stealing Trojans currently targeting an unpatched flaw in Microsoft's Internet Explorer has expanded to include all versions of the browser, including the newest IE 8 Beta 2. Microsoft released an updated advisory to warn that the underlying flaw affects much more than IE...

Tags: Security, Microsoft Internet Explorer, Web Browser, Zero-day Bug, Web Browsers, Internet, Ryan Naraine

Blog posts 2008-12-12