Is a the new "Month of ActiveX Bugs" attack campaign a copycat, or is it for real? Anti-virus experts disagree.
ActiveX, Microsoft's technology that helps designers customize Web pages to add interactivity, is being targeted by a new bug-a-day scheme, it seems. Experts deem that this campaign called "Month of ActiveX Bugs" is a a copycat.
Despite few complaints so far, experts warn that Windows users may be at risk, and that most of the issues will be denial-of-service (DoS) flaws that can halt applications or crash your operating system.
n and/or operating system to crash, forcing a relaunch or restart.
So far, the only vulnerabilities found have been in a PowerPoint viewer and in an Excel viewer, an online form developed and sold by Office OCX.
Still, Symantec's anti-virus team is largely dismissing the bug as a copycat.
"The first posted vulnerability is of little significance," they said.
But other anti-virus companies such as Secunia APS and FfSIRT.com say the issue is criticial.
"Regardless of whether it results in remote code execution, I don't think a DoS should necessarily be discounted as frivolous or irrelevant," said one writer identified as Steven.
"It might not rank up there with 'critical' or 'high' vulnerabilities, but it is a vulnerability nonetheless."
"There have been multiple instances on the [security mailing] lists throughout the years where a DoS suddenly became promoted to a remotely exploitable bug," said a writer named Robert on the same thread.
Listen
Print
Social Comments ()
Digital Journal Comments (1)
Email this
Share on Facebook
