Tuesday, July 28, 2009

Return Of The ActiveDead

"Send more PoCs!"

"Microsoft has been forced to issue emergency patches for its Windows operating system after researchers discovered a way to bypass a critical security mechanism in the Internet Explorer browser.

"During a Wednesday talk at this week's Black Hat conference in Las Vegas, researchers Mark Dowd, Ryan Smith and David Dewey will show a way of bypassing the 'kill-bit' mechanism used to disable buggy ActiveX controls. A video demonstration posted by Smith shows how the researchers were able to bypass the mechanism, which checks for ActiveX controls that are not allowed to run on Windows. They were able to then exploit a buggy ActiveX control in order to run an unauthorized program on a victim's computer.

"Although the researchers have not revealed the technical details behind their work, this bug could be a big deal, giving hackers a way of exploiting ActiveX problems that were previously thought to have been mitigated via kill-bits."

More at PCWorld...

No comments: