Blog

Ranjeet Menon
ActiveX Control vulnerability
November 10, 2006

Microsoft XML Core Services XMLHTTP ActiveX Control Code Execution

This vulnerability has been found in Microsoft XML Core Services. It could be exploited by a remote attacker to take control of the system.

The problem is due to a memory corruption in XMLHTTP ActiveX Control.

Microsoft Visual Studio WMI Object Broker ActiveX Code Execution

Vulnerability identified in Microsoft Visual Studio, which could be exploited by attackers to take complete control of the system. Due to an error in the WMI Object Broker ActiveX control (WmiScriptUtils.dll) that fails to ensure that it interacts safely when it is hosted on a Web page, which could be exploited by attackers to execute arbitrary commands on a system where the vulnerable application is installed by tricking a user into visiting a specially crafted web page.

More info

www.microsoft.com/technet/security/bulletin/ms06-061

www.microsoft.com/technet/security/bulletin/ms06-042.mspx

www.microsoft.com/technet/security/advisory/927709.mspx

SHARE THIS STORY

Have something to add to this story? Share it in the comments.

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image