Original release date: September 27, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Internet Explorer
Overview
A vulnerability in ActiveX and Internet Explorer could allow an
attacker to take control of your computer.
Solution
Microsoft has not yet released an update to address this
vulnerability. Until an update is available, consider the following
best practices:
Disable ActiveX
Disabling ActiveX will prevent exploitation of this and other
ActiveX vulnerabilities. Instructions for disabling ActiveX in the
Internet Zone can be found in "Securing Your Web Browser" and
"Improve the safety of your browsing and e-mail activities."
Do not follow unsolicited links
Do not click on unsolicited URLs, including those received in
email, instant messages, web forums, or internet relay chat (IRC)
channels.
Description
An attacker could exploit a vulnerability in an ActiveX control by
convincing a user to visit a web site with Internet Explorer. The
attacker could then take any action as the user, including
installing malicious software and accessing sensitive personal
information.
For more technical information, see Vulnerability Note VU#753044.
References
Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "SA06-270A Feedback VU#753044" in the
subject.
__________________________________________________ __________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
__________________________________________________ __________________
Produced 2006 by US-CERT, a government organization.
Microsoft Internet Explorer ActiveX Vulnerability 
Linear Mode
