 Activex Vulnerabilities - Facebook, Myspace And Yahoo |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
  Feb 5 2008, 12:28 PM
Post
#1
|
|
 Security Reporter  Group: News Reporters Posts: 493 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107  |
 So far there are no known in-the-wild attacks and in using the ISC's GUI based tool (link at the bottom) I had no exposures on my current system. ActiveX Vulnerabilities - Facebook, MySpace and Yahoo http://www.eweek.com/c/a/Security/ActiveX-...ers-Vulnerable/ http://www.us-cert.gov/current/index.html#...it_for_facebook http://www.kb.cert.org/vuls/id/776931 Six key sites and Killbits for those sites http://isc.sans.org/diary.html?storyid=3929 http://isc.sans.org/diary.html?storyid=3931 QUOTE: The US-CERT is urging Web surfers to immediately disable ActiveX controls from Internet Explorer to protect against a swath of publicly reported—and unpatched—software vulnerabilities. The US-CERT (Computer Emergency Response Team) recommendation follows the release of exploit code for multiple zero-day flaws in image uploaders used by Facebook and MySpace and bugs in the ActiveX control that ships with the Yahoo Music Jukebox software. According to Erik Kamerling, a vulnerability analyst at Symantec's DeepSight threat center, the availability of exploits for flaws in high-profile targets like Facebook and MySpace is cause for concern. Although Symantec is unaware of in-the-wild exploitation of the ActiveX flaws, there's a feeling that attacks are inevitable. Admins are advised to set the kill bit for the following CLSIDs as soon as possible: Aurigma: CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7 ('ImageUploader4.ocx') Aurigma: CLSID BA162249-F2C5-4851-8ADC-FC58CB424243 ('ImageUploader5') Facebook: CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0 Yahoo! MediaGrid: CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139 Yahoo! DataGrid: CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C2 ISC GUI Tool can be downloaded from here: http://handlers.sans.org/tliston/KillBitGui-Feb08.exe ISC Command line http://handlers.sans.org/tliston/KillBitCLI-Feb08.exe -------------------- |
 |
 
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th January 2009 - 07:05 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.