Thread: Internet Explorer DHTML Edit ActiveX Control
View Single Post
  #1  
Old 12-19-2004, 01:54 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Thumbs down
The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/internet_explorer_cross...erability_test/

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

Solution:
Set security level to high for the "Internet" zone (disable ActiveX support).


Also be sure to check in on windows update for the latest available updates for your operating system ..
Reply With Quote