SANS has provided a careful analysis of this new 0-day vulnerability, that is, a newly discovered vulnerability for which there has been no time to produce a patch. At the time of writing, Microsoft published an advisory only yesterday evening on this vulnerability, which affects the Microsoft ActiveX Video Control in Internet Explorer.

Symantec's laboratories have discovered that the exploit is “in the wild”, that is, fully active on the web, with thousands of compromised web sites (the attack can also arrive through email spam, if you open the link it contains). According to tests, Windows XP is vulnerable, while Vista does not seem to be affected by this exploit. In particular, it affects Internet Explorer 6 and 7, while the latest version seems immune.

The vulnerability is exploited through the “drive-by” technique: the page presents a fake GIF file that triggers an overflow in msvidctl.dll when it parses the file. The vulnerability is very serious because no user interaction is required, so a user may be infected without noticing.

Symantec recommends disabling JavaScript in IE; I advise you to use an alternative browser such as Firefox or Opera (I stress my very negative opinion on the safety of Google Chrome). Using Sandboxie protects against these vulnerabilities. Microsoft has also published a workaround, which can be activated automatically by visiting this page and clicking the Fix It button at the bottom of the article.
New 0-Day Vulnerability in DirectShow
Posted by sathesh on August 26th, 2009