funsec mailing list archives
Re: New attack kit targets bag of ActiveX bugs
From: security curmudgeon <jericho () attrition org>
Date: Tue, 8 Apr 2008 22:15:10 +0000 (UTC)
: The bad guys are now doing what I was worried about which is to rattle
: the door a bunch of times to see which insecure ActiveX control will let
: them inside someone's computer. Many ActiveX controls also can't be
: automatically updated by vendors with security fixes. It's up to users
: to learn about and manually install patches.
:
: One solution to the problem is to have an industry-wide list of known
: bad controls that is published on the Internet. Security products can
: then use this kill list to disable bad ActiveX controls which are hidden
: away on many of our computers.

OSVDB.org tracks the CLSID associated with ActiveX controls when possible, even though the field that contains it isn't visible on many entries (searching for a CLSID will find it if we have it). One of our wish-list items is exactly what you describe above, auto-generated from our database nightly.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
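
The kill-list idea discussed in this message, sketched as an added example (not code from the post, OSVDB, or any security product): it validates a published list of CLSIDs and renders a .reg file that disables each control. Assumptions: the one-CLSID-per-line feed format is hypothetical, the CLSIDs are constructed placeholders, and the disabling mechanism is Internet Explorer's kill bit (Compatibility Flags 0x400), which the message itself does not name.

```python
import re

# Registry keys Internet Explorer consults for per-control flags (native and
# 32-bit-on-64-bit views); 0x400 is the kill bit that blocks instantiation.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_WOW64 = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x00000400

# Constructed sample feed (assumed format): one CLSID per line, optional
# braces, '#' comments. The CLSIDs are placeholders, not real controls.
SAMPLE_FEED = """\
# hypothetical nightly kill list
{00000000-0000-0000-0000-00000000A001}   # placeholder control A
00000000-0000-0000-0000-00000000a002
{00000000-0000-0000-0000-00000000A001}   # duplicate entry
not-a-clsid
{00000000-0000-0000-0000-00000000A00}    # one hex digit short
"""

CLSID_RE = re.compile(r"^\{?([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}?$")

def parse_kill_list(text):
    """Return (clsids, rejected): normalised unique CLSIDs and bad entries."""
    clsids, rejected, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        m = CLSID_RE.match(entry)
        if not m or entry.startswith("{") != entry.endswith("}"):
            rejected.append((lineno, entry))  # never copy unvalidated text into a .reg
            continue
        clsid = "{" + m.group(1).upper() + "}"
        if clsid not in seen:
            seen.add(clsid)
            clsids.append(clsid)
    return clsids, rejected

def build_reg_file(clsids, include_wow64=True):
    """Render .reg text setting the kill bit for each CLSID.
    Importing it overwrites any existing Compatibility Flags value; a product
    that must preserve other flags would OR in 0x400 instead."""
    out = ["Windows Registry Editor Version 5.00", ""]
    roots = [KEY, KEY_WOW64] if include_wow64 else [KEY]
    for clsid in clsids:
        for root in roots:
            out += [f"[{root}\\{clsid}]", f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    return "\r\n".join(out)

if __name__ == "__main__":
    ids, bad = parse_kill_list(SAMPLE_FEED)
    print(build_reg_file(ids))
    print("rejected:", bad)
```

Rejected entries are reported with their line number so a malformed or tampered feed is noticed rather than silently skipped.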
Current thread:
- New attack kit targets bag of ActiveX bugs Richard M. Smith (Apr 08)
- Re: New attack kit targets bag of ActiveX bugs security curmudgeon (Apr 08)