Security Vulnerability Research & Defense

Security bulletin MS08-023 addressed two ActiveX control vulnerabilities, one in a Visual Studio ActiveX control and another in a Yahoo!’s Music Jukebox ActiveX control. The security update sets the killbit for both controls. For more about how the killbit

Posted by swiblog | (Comments Off)

Filed under: classid, IE, Internet Explorer, Security Bulletin, activex, rating, killbit, Kill-Bit

Sunday, February 03, 2008 11:17 PM

Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer

In early January you may have read posts on security distribution lists regarding two ActiveX Controls released by Microsoft. We have investigated those controls and fortunately, they are not exploitable since IE does not treat them as being safe. We

Posted by swiblog | (Comments Off)

Filed under: classid, clsid, safe for initialization, safe for scripting, iobjectsafety, activex

Attachment(s): ClassId.cs

Security Vulnerability Research & Defense

This Blog

Syndication

Search

News

Blogroll

Report a Vulnerability to Microsoft

Tags

Recent Posts

Archives

Browse by Tags

MS08-023: Same bug, four different security bulletin ratings

Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer