A Sudden Rise in ActiveX Vulnerabilities Part 2
In my previous post, I talked about the sudden rise in vulnerabilities affecting ActiveX controls. In this post, I would like to talk a bit about the technology behind ActiveX and various steps that may be taken to prevent attacks.

An ActiveX control is essentially an Object Linking and Embedding (OLE) object. OLE allows objects to be shared using Component Object Model (COM) technology, which is a model that permits software components to communicate with each other. Distributed COM (DCOM) is an extension of COM that allows for the sharing of components over a network. ActiveX technology essentially facilitates the functionality of OLE on the World Wide Web. The controls can run on platforms that support COM or DCOM.

According to Microsoft, ActiveX controls must provide an interface named IUnknown to offer functionality and must be self-registering. The IUnknown interface is a general interface that provides pointers to other interfaces of the object through a method called QueryInterface. This allows the application that is using the control to access the functionality of the ActiveX control. Self-registering means that an ActiveX control must register itself as a control, register all component categories required from the host, and register component categories implemented by the control itself.

ActiveX controls run in containers that are typically client applications such as popular Web browsers. It should be noted that the use of ActiveX controls is not limited to Web browsers; they may be used in a variety of containers such as software development tools and office documents.

ActiveX controls pose various security threats that may compromise the availability, confidentiality, and integrity of a vulnerable computer. An ActiveX control on a computer can be instantiated by arbitrary sites that are aware of the control's class identifier, or CLSID. A CLSID is a unique identifier for a COM object that is stored in the Windows registry. Remote attackers can carry out attacks by enticing a user to visit a malicious Web site that exploits a vulnerable control. ActiveX controls can run without restrictions, unlike Java applications, which are contained within a secured Java Sandbox model. Depending on the implementation of a control, this can provide much needed functionality to non-malicious sites and a dangerous amount of leeway to malicious sites. ActiveX controls are scriptable; therefore, remote Web sites can gain access to supported methods and properties of a control if it is marked safe for initialization or safe for scripting. In addition, many ActiveX controls have been reported to contain a variety of vulnerabilities, such as buffer overflows, denial of service, information disclosure, and execution of arbitrary applications.

Though vulnerabilities in ActiveX controls can place users at great risk, there are some precautions that can be taken to mitigate the threat of such issues. Users should ensure that the security settings of their client browsers do not allow for scripting of ActiveX controls that are not marked safe for scripting. The browser should prompt for ActiveX controls and deny downloading unsigned ActiveX controls. As a general precaution, users should avoid following links to unknown or untrusted sites and run client applications such as Web browsers with the minimal amount of privileges required for functionality. In addition, active scripting should be disabled to prevent the execution of script code and active content in the browser. Vulnerable users can also set the kill bit on an ActiveX control's CLSID to prevent the control from running in Internet Explorer. Microsoft has provided details on setting kill bits in Knowledge Base Article 240797.
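The kill-bit and "safe for scripting" checks described above, as an added PowerShell example that is not part of the original post. The registry locations and category GUIDs are the standard Windows ones and do not appear in the post; the function names are hypothetical.

```powershell
# Added example, not from the original post. Writing HKLM needs an elevated prompt.
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from loading the control
$CompatRoots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\WOW6432Node') {   # 32-bit IE on 64-bit Windows reads this copy
    $CompatRoots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}
$SafeCategories = @{   # component categories a control registers to declare itself safe
    '{7DD95801-9882-11CF-9FA9-00AA006C42C4}' = 'safe for scripting'
    '{7DD95802-9882-11CF-9FA9-00AA006C42C4}' = 'safe for initialization'
}

function Test-KillBit([string]$Clsid) {
    # True only when the kill bit is present under every compatibility root.
    foreach ($root in $CompatRoots) {
        $p = Get-ItemProperty -LiteralPath (Join-Path $root $Clsid) -ErrorAction SilentlyContinue
        if (-not ($p.'Compatibility Flags' -band $KillBit)) { return $false }
    }
    return $true
}

function Set-KillBit {
    param([Parameter(Mandatory)][ValidatePattern('^\{[0-9A-Fa-f-]{36}\}$')][string]$Clsid)
    foreach ($root in $CompatRoots) {
        $key = Join-Path $root $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $old = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        # OR the bit in so other compatibility flags already on the key survive.
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($old -bor $KillBit) -Force | Out-Null
    }
}

function Get-ScriptableControl {
    # Lists registered controls marked safe through the registry. A control can also
    # declare safety at run time through IObjectSafety, which this audit cannot see.
    Get-ChildItem -LiteralPath 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $k = $_
            $cats = Join-Path $k.PSPath 'Implemented Categories'
            $marks = @($SafeCategories.Keys | Where-Object { Test-Path -LiteralPath (Join-Path $cats $_) })
            if ($marks.Count) {
                [pscustomobject]@{
                    Clsid      = $k.PSChildName
                    Name       = $k.GetValue('')
                    MarkedAs   = ($marks | ForEach-Object { $SafeCategories[$_] }) -join ', '
                    KillBitSet = (Test-KillBit $k.PSChildName)
                }
            }
        }
}
```

Review the output of `Get-ScriptableControl | Where-Object { -not $_.KillBitSet }` first, then pass the CLSID of a control named in a vendor advisory to `Set-KillBit`.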