Network Security, Patch/Configuration Management, Vulnerability Management

Attackers ramp up zero-day ActiveX exploits

Attacks taking advantage of a zero-day vulnerability in a Microsoft Active X control are increasing in prevalence, nearly a month since the flaw and ensuing exploit code first was announced.

The bug, which enables an attacker to gain privileges of a logged-on user to launch remote code, affects the ActiveX control for the Snapshot Viewer in Office Access 2000, 2002 and 2003, Microsoft has said.

"We've been closely monitoring this exploit since its release, and are now tracking several hundred occurrences in the wild, found mostly in China," according to a Websense Security Labs blog entry. "There is currently no patch available, but Microsoft has several workarounds listed in their advisory."

Exploit code was posted to the exploit database Milworm on July 24, according to Websense.

Microsoft, in its advisory, suggests a number of workarounds, including disabling Active Scripting, allowing only trusted sites to run ActiveX controls and Active Scripting, and preventing component object model (COM) objects from running in Internet Explorer.

The threat is further mitigated by the fact that the vulnerable ActiveX control "does not appear in a default Microsoft Windows installation," Websense said in its blog.

Microsoft is scheduled to release its August patches a week from Tuesday, but it is uknown whether a fix for this vulnerability will be included.


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.