Internet Explorer DHTML Edit ActiveX Control

*Mobo* · #1 12-19-2004, 01:54 PM

The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
[Only Registered and Activated Users Can See Links. Click Here To Register...]

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

Solution:
Set security level to high for the "Internet" zone (disable ActiveX support).

Also be sure to check in on windows update for the latest available updates for your operating system ..

vainternet · #2 05-31-2008, 04:25 PM

This control is stronger, most of it is verified on the client

[Only Registered and Activated Users Can See Links. Click Here To Register...]

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
hijack log	der	Spyware / Virus Removal	46	10-04-2005 07:49 AM
RSS-Microsoft Security Advisory (906267): A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit - 8/25/2005	RSS Importer	Security Alerts and vulnerabilities	0	08-25-2005 03:00 AM
eliteuvf32.exe?? AdWare?	Alex	Spyware / Virus Removal	31	05-17-2005 09:50 PM
Pop-up crazy	MOJET	Spyware / Virus Removal	11	03-30-2005 09:22 PM
Internet Explorer HTML Elements Buffer Overflow	Mobo	Security Alerts and vulnerabilities	0	12-06-2004 11:32 AM

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)