IE Vulnerable to Execution of Arbitrary Code

A vulnerability has been discovered in Internet Explorer that can be used to execute arbitrary code on an affected system. The vulnerability, located in the DirectAnimation ActiveX control, is caused by a memory corruption error when processing arguments that are passed to the KeyFrame() or Spline() functions. Successful exploitation could reportedly allow a remote intruder to take complete control of the user's system. A working exploit is circulating on the Internet. Microsoft is aware of the problem and is investigating the matter. The company said that it expects to release a patch in association with an upcoming Security Bulletin. In the meantime the company released an advisory, Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Control Execution.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish