NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0466 New Attack Kit Targets ActiveX Bugs:
Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them
never seen in the wild before, said a security company on Friday, 04APR. Fewer than half of the
flawed ActiveX controls have been patched. The attack framework probes Windows PCs for vulnerable
ActiveX controls from software vendors Microsoft, Citrix Systems and Macrovision, as well as
hardware makers D-Link Corporation, Hewlett-Packard, Gateway, and Sony, said a Symantec Corp.
researcher. According to the researcher, visitors to compromised web sites are redirected by a
rogue IFRAME to a malicious site serving the package. The attack pack tests the victim's PC for
each ActiveX control, detects whether a vulnerable version of a control is installed, and then
launches an attack when it finds one.
(ComputerWorld 07APR08)