ActiveX Vulnerabilities: Even When You Aren’t Vulnerable, You May Be Vulnerable

Symantec found an exploit for the Access Snapshot Viewer ActiveX vulnerability that takes advantage of a property of the ActiveX system to attack Internet Explorer users who did not have the vulnerable control installed.

Symantec wrote:

Sadly, attackers have found a way to install the vulnerable Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it.

Because the control is Microsoft signed, its installation is silent, and does not require any user interaction. Once this vulnerable control is installed on the victim’s computer, it is exploited in the same way as if the control was installed all along. To top it off, this attack is carried out as a drive-by attack, so the unprotected user may never know that they were vulnerable, or had been targeted, let alone infected.

https://forums.symantec.com/syment/blog/article?message.uid=341705

Read Microsoft’s Security Advisory on this issue at:

http://blogs.technet.com/msrc/archive/2008/07/07/snapshot-viewer-activex-control-vulnerability.aspx

http://www.microsoft.com/technet/security/advisory/955179.mspx

Apply the action suggested in the advisory until the patch is released.

Thanks to Tim for the alert.
