Security flaws in an ActiveX control used by MySpace to upload images onto the social networking site leave users open to attack. Facebook users may also be at risk. A buffer overflow vulnerability in Aurigma's Image Uploader Control Library might be used to compromise a user's system. The affected control is used for uploading …
ActiveX, Cancer at the heart of IE?
How long before anti-virus software disables ActiveX by default? Not a week goes by without yet another ActiveX-related scare; surely by now it must be considered such a major security risk that it should be targeted by AV manufacturers as malware?
I'm well aware of the difference between ActiveX itself and scripts which use it, but what real purpose does it serve except to give blackhats a direct route into the heart of the OS? Every site has to provide alternative solutions for other browsers, so the lack of ActiveX isn't going to hurt anyone but Microsoft.
Serves them right...
... for using proprietary Microsoft technology in the first place. And who uses MySpace these days anyway?
ActiveX: Insecure from the beginning
"ActiveX also presents an unacceptably high security risk to any user whose browser supports ActiveX technology. It is ridiculously easy to penetrate and damage a computer running a browser that allows ActiveX applets to be executed. For this reason, we cannot recommend ActiveX as a viable applet implementation technology and we go so far as to recommend that users disable ActiveX capability within their browser -- specifically Internet Explorer."
p. 395, in "HTML, The Definitive Guide" by Chuck Musciano and Bill Kennedy. 2nd edition, May 1997 (O'Reilly, Sebastopol)
Someone beat me to it
but to reiterate what even only mildly knowledgeable people know of ActiveX: it's a passport to the heart of your operating system and has always been unsafe, signed or not. This will be completely ignored, as it has for the last nine years, and people will continue to have the problem. You give them books and they just chew the covers off; what's the point?
Secunia "extended solution"
Interesting that Secunia seems happy to scare-monger the average net user into signing up to its service. http://secunia.com/advisories/28733/
As the posts above would indicate, there will *never* be a "solution" to the ongoing ActiveX debacle, except to permanently disable such controls. Rabbitting on with M$ about setting the "kill bit" only serves to blind everyday net users with B.S. so that they meekly sign up for yet another "security" service.
How come it takes ~THREE days to get this news to me?
Out here in Commie China it is the 4th of February - but:
How come it has taken ~THREE days to get the first comment on this news to me?
It isn't ONLY this story - it's every damned story from LAST week that gets similarly delayed.
Since the first person to comment on the story had that opportunity to do so THREE days ago, where's MY copy of this story been all this time? Round the Universe & back again ??
My icon := "IT?" with "SH" in front of it !!