[ISN] Warnings grow over unpatched IE flaw

[InfoSec News <alerts@xxxxxxxxxxxxxxx>]

http://www.theregister.co.uk/2006/09/18/ie_flaw_warnings_grow/

By John Leyden
18th September 2006

Security experts warn a new, unpatched vulnerability in Internet 
Explorer might be used to spread malware. A flaw in Microsoft's Direct 
Animation Path (daxctle.ocx) ActiveX control, rated as critical by 
Secunia and other security watchers, has spawned proof of concept code 
but has not yet become the subject of widespread, hostile attack. 
Memory corruption is possible even on a fully patched Windows XP 
system.

A patch is unlikely until next month's Patch Tuesday update. Microsoft 
said it was investigating the problem. Surfers are advised to restrict 
which sites they allow to run ActiveX controls or here ActiveX 
controls altogether. Tech-savvy IE users might try a workaround from 
the SANS Institutes's Internet Storm Centre, as explained here. A 
simpler solution, at least until Microsoft releases a patch, might be 
to use Firefox, Opera or all any other alternative browser. ®

_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/