Sigh. Some days I feel like totally throwing out all my Microsoft products and just use open-sourced or Linux ones. I hate to find my laptop totally hacked into while out for dinner. Seems that there is
now a zero-day bug in the Microsoft DirectAnimation Path ActiveX control that could permit remote code execution via Internet Explorer. Microsoft has posted a security advisory stating that it only affects PCs on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2. Those running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, won't have this problem.
The Secunia advisory site has rated this bug as Extremely Critical and Christopher Budd wrote the following at the Microsoft Security Resource Center blog :
The advisory also noted Microsoft is aware of the existence of proof of concept code, but no exploits have been reported. "This vulnerability may allow an attacker to execute code on a user's machine by convincing them to visit a malicious website using Internet Explorer," .
Comment Preview