The problem is within the Snapshot Viewer ActiveX control
(IDG News Service) A vulnerability in as-yet-unpatched Microsoft Corp. software poses a more severe threat to Internet Explorer 6 users than it does to those using a newer version of the browser, security vendor Symantec Corp. has warned.
The flaw in Microsoft's Access database software came to light just as Microsoft issued its patches for the month on July 8. The problem is within the Snapshot Viewer ActiveX control, which allows someone to see an Access report without launching the software.
Attackers are actively exploiting the vulnerability by either creating Web pages or hacking existing Web pages to host attacks. The hackers lure people to the pages through spam or instant messages.
IE7 will prompt users before downloading a particular ActiveX control for the first time. But IE 6 will automatically download the control, since it is digitally signed by Microsoft, Symantec said in its advisory. Once the ActiveX control is downloaded, the flaw can allow an attacker to take over a PC.............
More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111518&source=NLT_VVR&nlid=37
(IDG News Service) A vulnerability in as-yet-unpatched Microsoft Corp. software poses a more severe threat to Internet Explorer 6 users than it does to those using a newer version of the browser, security vendor Symantec Corp. has warned.
The flaw in Microsoft's Access database software came to light just as Microsoft issued its patches for the month on July 8. The problem is within the Snapshot Viewer ActiveX control, which allows someone to see an Access report without launching the software.
Attackers are actively exploiting the vulnerability by either creating Web pages or hacking existing Web pages to host attacks. The hackers lure people to the pages through spam or instant messages.
IE7 will prompt users before downloading a particular ActiveX control for the first time. But IE 6 will automatically download the control, since it is digitally signed by Microsoft, Symantec said in its advisory. Once the ActiveX control is downloaded, the flaw can allow an attacker to take over a PC.............
More: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9111518&source=NLT_VVR&nlid=37