The opinions expressed herein are entirely my own and do not represent the opinions of any other entity with which I am affiliated. Opinions expressed in comments and trackbacks are those of their respective authors and do not necessarily reflect my own point of view.
All works are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
© Copyright 2006-2009 MalwareTeks
Source US-CERT
We are aware of proof-of-concept code for a denial-of-service vulnerability in Microsoft Internet Explorer. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), Internet Explorer may crash when processing a specific method in the ‘ADODB.Connection’ ActiveX Object. It is not clear at this point whether an attacker may be able to execute arbitrary code with this vulnerability.
More information about this vulnerability can be found in the following:
- Vulnerability Note VU#589272 - ADODB.Connection ActiveX control unspecified vulnerability
Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:
- Disable the ADODB.Connection ActiveX control in Internet Explorer as specified in the Microsoft Support Document 240797.
- Disable ActiveX as specified in the Securing Your Web Browser document and the Malicious Web Scripts FAQ.
- Do not follow unsolicited links.
- Review the steps described in Microsoft’s document to improve the safety of your browser.
US-CERT Vulnerability Note VU#58927
Comment Meta:
XHTML:
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void « Default
Life 
Earth 
Wind 
Water 
Fire Light
Previous: 
Next: 
Last 50 Posts 
Back