 |
|||
|
|||
BroadWeb is successfully deterring Microsoft XMLHTTP ActiveX Control 0-Day Attack BURLINGAME, Calif. – November 21, 2006 – BroadWeb Corporation, a leader in intrusion prevention, today announced that its BroadWeb Security Service Team successfully deters Microsoft XMLHTTP ActiveX Control 0-Day Attack A Microsoft XML Core Services XMLHTTP Active control exploit allows malicious users to gain remote access or remote control of the computer without proper authentication and authorization. The malicious users may code the exploit into web pages and when an unsuspecting victim browses the web page, or open an exploits tempered HTML formatted emails, the malicious users may be able to gain the same access privileges as the victim on the victim’s computer. Once the malicious users gained access, they will be able to execute malicious programs against the victims. Even if more damages cannot be performed against the victim, the exploit can render the Internet Explorer useless. Microsoft has yet to announce any patches or fix for the XMLHTTP ActiveX Control exploit. This may represent that average users may be attacked when browsing a maliciously coded HTML files before the patches are released. BroadWeb BSST has release a corresponding attack signature in the Pattern 3.61 release: # 052710_EXPLOIT MS IE XML Core Services 4.0 Remote Code Execution BSST strongly recommends BroadWeb Users update the signatures to Pattern 3.61 or later to prevent these types of attacks. “As a leader in intrusion prevention, we have to be in the constant lookout for our users against the ever threatening 0-Day attacks,” said BroadWeb Marketing Director Tony Chang. “Customers today are looking for protections from all known and all possible unknown attacks, which is exactly what our BSST provides.”
About BroadWeb Disclaimer: NetKeeper is a trademark name of BroadWeb Corp., but does not include the sovereignty of USA.
CONTACT: |
|||
 More News |
|||
