ActiveX Vulnerabilities: Even When You Aren't Vulnerable, You May Be Vulnerable
Presentation: Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does one exploit a vulnerability that does not exist on a system, you say? Sadly, attackers have found a way to install the vulnerable Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it. Because the control is Microsoft signed, its installation is silent and does not require any user interaction. Once this vulnerable control is installed on the victim's computer, it is exploited in the same way as if the control had been installed all along. To top it off, this attack is carried out as a drive-by attack, so the unprotected user may never know that they were vulnerable, or had been targeted, let alone infected.

While this silent installation ability obviously poses some interesting security considerations, it is actually fairly core to ActiveX operation. For example, a site that wants to provide an Access report for its users may want to install the trusted control and permit the users to simply view the report. This would provide a cleaner experience for the site's users, rather than forcing them to go to the Microsoft site to download and install the control.

This silent install attack is specifically detected by IPS (NIS, NAV, N360, SEP, and SCS products) as "HTTP Snapshot Viewer ActiveX Download Request". If the subsequent exploit is encoded, it will be detected by Symantec Browser Protection (NIS 2008, NAV 2008, N360 v2) as "MSIE MS Snapshot ActiveX File Download". If the exploit is not encoded, IPS will detect it as "HTTP SnapShot Viewer ActiveX File Download". Additionally, Symantec antivirus programs will detect this attack as Downloader.

Message Edited by SR Blog Moderator on 08-06-2008 02:34 PM