Madrid, November 6, 2006 - Microsoft has published a security advisory reporting a new vulnerability affecting the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows.
The problem stems from a memory corruption error in the XMLHTTP ActiveX Control when handling specially crafted arguments passed to the "setRequestHeader()" method. An attacker could exploit this vulnerability to cause a denial of service, or even run commands when the target user visits a malicious web page.
Microsoft has acknowledged that attacks exploiting this flaw are taking place. The company is currently investigating the issue and preparing the necessary updates to fix it, although it hasn't yet confirmed the date when they will be released.
Users running Windows Server 2003 (with or without Service Pack 1) with its default settings, and "Enhanced Security Configuration" turned on, are not affected by this problem.
Microsoft advises users to configure Internet Explorer to ask for confirmation before running scripts or ActiveX controls, or to avoid using the affected ActiveX control, by making the following change in the Windows Registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88d969c5-f192-11d4-a65f-0040963251e5}]
"Compatibility Flags"=dword:00000400
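To confirm that the registry change above is actually in place on a machine, the following read-only PowerShell check can be used. It is an added example, not part of the Microsoft advisory or the original bulletin; the function name Get-KillBitState is hypothetical, and the Wow6432Node path (the 32-bit registry view on 64-bit Windows) is an addition that the advisory does not list.

```powershell
# Added example: audit the "Compatibility Flags" value for the CLSID in the advisory.
# Read-only: it reports state and changes nothing.
$Clsid = '{88d969c5-f192-11d4-a65f-0040963251e5}'   # CLSID from the advisory
$Mask  = 0x400                                      # flag value from the advisory

$Roots = @(
    # Path given in the advisory
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Assumption/addition: 32-bit view used by 32-bit Internet Explorer on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Root,
        [Parameter(Mandatory)][string]$Clsid,
        [int]$Mask = 0x400
    )
    $key   = "$Root\$Clsid"
    $flags = $null
    $state = 'KeyMissing'          # no entry for this CLSID: control is not blocked
    if (Test-Path -LiteralPath $key) {
        $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $state = 'ValueMissing'   # key exists but carries no flags value
        } else {
            $flags = $item.'Compatibility Flags'
            # Other bits may also be set, so test the mask instead of comparing for equality
            $state = if (($flags -band $Mask) -eq $Mask) { 'FlagSet' } else { 'FlagNotSet' }
        }
    }
    [pscustomobject]@{
        Key   = $key
        Flags = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { $null }
        State = $state
    }
}

$results = foreach ($root in $Roots) {
    # Skip a view that does not exist (for example Wow6432Node on 32-bit Windows)
    if (Test-Path -LiteralPath $root) { Get-KillBitState -Root $root -Clsid $Clsid -Mask $Mask }
}
$results | Format-List

# A non-zero exit code makes the check usable from an inventory or compliance job
if (@($results | Where-Object { $_.State -ne 'FlagSet' }).Count -gt 0) { exit 1 }
```

Any state other than FlagSet in either view means Internet Explorer can still instantiate the control from that view.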
Oxygen3 24h-365d
by Panda Software