Similarly, web surfers need to be aware of potential vulnerabilities. The latest one reported by FrSIRT is rated critical and is shown below.
My own advisory: make certain your computer is properly updated with the latest Microsoft patches, and that you have a firewall and up-to-date antivirus.
Advisory ID : FrSIRT/ADV-2006-3593
See the list of affected products and workarounds at http://www.frsirt.com/english/advisories/2006/3593
CVE ID : CVE-2006-4777
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-09-13
Technical Description
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a memory corruption error when processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.
FrSIRT confirmed this vulnerability on a fully patched Windows XP SP2 system. Exploit code is publicly available.