Do you have a question? Post it now! No Registration Necessary. Now with pictures!
September 28, 2006, 2:10 am
rate this thread
Cyber Security Alert SA06-270A
Microsoft Internet Explorer ActiveX Vulnerability
Original release date: September 27, 2006
Last revised: --
* Microsoft Windows
* Internet Explorer
A vulnerability in ActiveX and Internet Explorer could allow an
attacker to take control of your computer.
Microsoft has not yet released an update to address this
vulnerability. Until an update is available, consider the following
Disabling ActiveX will prevent exploitation of this and other
ActiveX vulnerabilities. Instructions for disabling ActiveX in the
Internet Zone can be found in "Securing Your Web Browser" and
"Improve the safety of your browsing and e-mail activities."
Do not follow unsolicited links
Do not click on unsolicited URLs, including those received in
email, instant messages, web forums, or internet relay chat (IRC)
An attacker could exploit a vulnerability in an ActiveX control by
convincing a user to visit a web site with Internet Explorer. The
attacker could then take any action as the user, including
installing malicious software and accessing sensitive personal
For more technical information, see Vulnerability Note VU#753044.
Securing Your Web Browser -
Vulnerability Note VU#753044 -
Improve the safety of your browsing and e-mail activities -
Microsoft Security Essentials - <http://www.microsoft.com/protect/>
The most recent version of this document can be found at:
Feedback can be directed to US-CERT Technical Staff. Please send
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html .
Produced 2006 by US-CERT, a government organization.
September 27, 2006: Initial release