main

Microsoft To Patch Newest IE Flaw

Steven Parker   on 30 September 2006 - 14:52 · 9 comments & 5014 views

Advertisement (Why?)
Microsoft has confirmed a new, unpatched vulnerability in Internet Explorer, and promised to fix the problem with an update on Oct. 10. In a security advisory posted on its support site, Microsoft admitted that an ActiveX control -- WebViewFolderIcon, also called "Web View" -- exposes a vulnerability in the Windows Shell that can be exploited by attackers to hijack PCs.

The likely attack vector, said Microsoft, would be the now-standard malicious Web site; victims would have to be drawn to the site with e-mailed or IMed lures, or surf to it on their own to be attacked. All currently-support editions of Windows are at risk, including Windows 2000, XP (SP1 and SP2), and Windows Server.

Thursday, security vendors and organizations, including Symantec and US-CERT, warned that exploit code had been released. The bug was originally reported in July as part of HD Moore's "Month of Browser Bugs" project where he identified dozens of flaws in IE and other Web browsers. The vast majority of those vulnerabilities remain unpatched.

Link: Microsoft Security Advisory (926043)
View: Full Article @ InformationWeek

Share this Article

About the Author

Full name: Steven Parker
User name: Neobond
Contact: via forum PM
Submissions: View All
More: View Bio   New!

Related news

Post a comment · Send to friend Comments · There are 9 additional comments
(2 replies) #1 Al on 30 Sep 2006 - 18:08
This was found ages ago and it still isn't patched. Sometimes I wander if MS cares about home users at all.
#1.1 ThaCrip on 01 Oct 2006 - 02:18
thats why Firefox is the best choice (or anything besides IE) since i think other browsers are safer in general since if a flaw is found, odds are most hackers will only target IE in general since it has the most users using it.

plus activex in general is a mistake
#1.2 Unplugged on 02 Oct 2006 - 10:07
Quote - ThaCrip said @ #1.1
thats why Firefox is the best choice (or anything besides IE) since i think other browsers are safer in general since if a flaw is found, odds are most hackers will only target IE in general since it has the most users using it.

plus activex in general is a mistake

Maybe so but more and more softwrae is going online based and unfortunalt ytjhats always going tobebcome a security issue it doesent matter werther you write your software in ActiveX or Java there will always be security risks maybe we should disable flash/java/javascript and even images in our webbrowers and go back to usenet incase we get hacked :/

The more popular Firefox gets the more of these vunrabilities are being found also activex is only one way of getting into a system.
#2 Jugalator on 30 Sep 2006 - 18:44
lol, originally reported in July?
(1 reply) #3 slippery on 30 Sep 2006 - 19:10
Unregister the VML software with the following command in either the Start-Run dialog or a command line session:

regsvr32 -u "%ProgramFiles%Common FilesMicrosoft SharedVGXvgx.dll
#3.1 Al on 30 Sep 2006 - 20:14
(2 replies) #4 XerXis on 30 Sep 2006 - 22:29
if this is a problem with an activex control then why does the titel say "IE flaw"? i suggest you change the titel
#4.1 Croquant on 30 Sep 2006 - 23:38
Quote - XerXis said @ #4
if this is a problem with an activex control then why does the titel say "IE flaw"? i suggest you change the titel

Becasue ActiveX depends on MSIE to work, smart guy.
#4.2 badazzEVO8 on 01 Oct 2006 - 09:56
whats a 'titel'?

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.897) © 2000 - 2008 Neowin.net