Research: Buggy, Flawed 'ActiveX' Controls Pervasive

["Richard M. Smith" <rms () computerbytesman com>]

http://blogs.washingtonpost.com/securityfix/2006/01/research_buggy_.html

Microsoft takes its share of lumps from security experts for building
software that constantly requires security updates, but dozens of major
corporations may also be guilty of piling their own security problems into
Windows machines.

New data collected by at least one notable security researcher suggests that
as much as 50 percent of all computers powered by Microsoft Windows might
contain one or more non-Microsoft components that could allow malicious Web
sites to seize control of them.

The components at issue all rely on ActiveX
<http://surfthenetsafely.com/activex.htm> , a Microsoft creation that is
deeply woven into the Windows operating system and in Microsoft's Internet
Explorer Web browser. ActiveX was designed to allow Web sites to develop
interactive, multimedia-rich pages, but such powerful features rarely ever
come without security trade-offs. 

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.