ActiveX flaw can help spread viruses

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Friday, May 12, 2000 10:30 am PT ActiveX flaw can help spread viruses

By Ann Harrison, Computerworld

A FLAWED ACTIVEX control makes computers running Internet Explorer Version 5.0 or Microsoft Office 2000 vulnerable to virus infections on most e-mail systems even if users do not open infected attachments, according to a computer-security think tank.

Bethesda, Md.-based SANS Institute revealed Thursday that default security settings on Explorer permit users to receive viruses and spread them by viewing or previewing malicious e-mail without actually opening an attachment or visiting a malicious Web site.

The security hole is created by a flaw in an Explorer ActiveX control called scriptlet.typelib. Although the hole can be closed in minutes using tools available on Microsoft's security site, simply updating anti-virus tools isn't an effective solution, according to SANS.

"This is by far the fastest-growing virus distribution program and ripe for a hugely destructive event -- at least as large as the 'I Love You' virus," warned SANS in a bulletin issued in its recent newsletter.

The correction script may be run directly from a page on Microsoft's Web site at www.microsoft.com/msdownload/iebuild/scriptlet/en/scriptlet.htm.

http://www.infoworld.com/articles/hn/xml/00/05/12/000512hnactivex.xml

-- Martin Thompson (mthom1927@aol.com), May 12, 2000


Moderation questions? read the FAQ