Microsoft may have known about critical IE bug

dhilipkumar · Jul 09, 2009, 09:04 AM

Microsoft may have known about critical IE bug

X-Force listed two separate vulnerabilities in its advisory, saying that the flawed Microsoft Video Controller ActiveX Library, or the "msvidctl.dll" file, not only contained the buffer overflow bug attributed to Smith and Wheeler, but also harbored a memory corruption vulnerability discovered by X-Force researcher Robert Freeman.

Microsoft not only confirmed ongoing attacks against IE6 and IE7 users running Windows XP, but also offered an automated tool that sets 45 different "kill bits" in the ActiveX control, effectively disabling it and rendering attacks moot.

computerworld

Discussion Community

News:

Microsoft may have known about critical IE bug

dhilipkumar