"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:ng94h.2086$Lt4.1435@trnddc08...
> From: "cmsix" <cmsix@storiesonline.org>
>
>
> |
> | Isn't most every ActiveX control a vulnerability? I realize that
> some
> | of them are useful, and that in a "kinder" and "gentler" world
> they
> | might well be very useful for everyone. Lately though, I've been
> | thinging that it isn't all that smart to have something downloaded
> to
> | your computer that gives someone else control of parts of it. On
> the
> | other hand, I don't even have to do it and it ends up being
> lucrative
> | for me. Imagine that, other people are causing trouble all over
> the
> | internet and here I get paid to straighten it out for a few. Maybe
> | it's my good looks. Naw, must be because I work so cheap.
> |
> | cmsix
>
> That's a common misperception. There are malware add-ons to
> FireFox. That can be compared
> to Microsoft's ActiveX. Many legitimate applications use ActiveX.
> In this case there is a
> XML in HTTP handling bug that cvan be exploited to elevate
> priveledges to install sooftware
> without the user's knowledge or consent.


>
> Please read all about the situation in KB927892...

Among other things,
> http://www.microsoft.com/technet/sec...ry/927892.mspx
said: "Customers would need to visit an attacker's Web site to be at
risk. We will continue to investigate these public reports."

Even though they didn't say it, I assume that customers would have to
visit the attacker's Web sites with Internet Explorer to be at risk.

Later they mention HTML emails and since I don't allow Outlook Express
to render html in messages that isn't a bother either, for me
presonally at least. It is hard to explain to customers why they
shouldn't though. I usually take the easy way out and blame it on
Microsoft's poor security.

cmsix

>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>