There are warnings for at least 6 Active controls that may experience buffer overflows or crashes and thus be subject to exploit developments So far there are no known in-the-wild attacks and in using the ISC's GUI based tool (link at the bottom) I had no exposures on my current system.
ActiveX Vulnerabilities - Facebook, MySpace and Yahoo
http://www.eweek.com/c/a/Security/ActiveX-...ers-Vulnerable/ http://www.us-cert.gov/current/index.html#...it_for_facebook http://www.kb.cert.org/vuls/id/776931 Six key sites and Killbits for those sites http://isc.sans.org/diary.html?storyid=3929 http://isc.sans.org/diary.html?storyid=3931 QUOTE
: The US-CERT is urging Web surfers to immediately disable ActiveX controls from Internet Explorer to protect against a swath of publicly reported—and unpatched—software vulnerabilities.
The US-CERT (Computer Emergency Response Team) recommendation follows the release of exploit code for multiple zero-day flaws in image uploaders used by Facebook and MySpace and bugs in the ActiveX control that ships with the Yahoo Music Jukebox
According to Erik Kamerling, a vulnerability analyst at Symantec's DeepSight threat center, the availability of exploits for flaws in high-profile targets like Facebook and MySpace is cause for concern
Although Symantec is unaware of in-the-wild exploitation of the ActiveX flaws, there's a feeling that attacks are inevitable. Admins are advised to set the kill bit for the following CLSIDs as soon as possible: Aurigma:
CLSID 6E5E167B-1566-4316-B27F-0DDAB3484CF7 ('ImageUploader4.ocx') Aurigma:
CLSID BA162249-F2C5-4851-8ADC-FC58CB424243 ('ImageUploader5') Facebook:
CLSID 5C6698D9-7BE4-4122-8EC5-291D84DBD4A0 Yahoo! MediaGrid:
CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139 Yahoo! DataGrid:
CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C2 ISC GUI Tool can be downloaded from here: http://handlers.sans.org/tliston/KillBitGui-Feb08.exe ISC Command line