ActiveX security flaws demonstrate difficulty of protection
ActiveX security bugs reported last week show yet again that cyber flaws are harder to fix than some realise, according to application vulnerability specialist Fortify Software.
“This latest ActiveX flaw centres on the Snapshot Viewer ActiveX control, which is a feature of most versions of Microsoft Office Access,” explains Rob Rachwald, Fortify’s director of product marketing.
“Microsoft is tackling the problem, which seeks to lure Access users to a modified web page that then attempts to execute the attack code within Internet Explorer,” he says, but adds that fixing the code isn’t trivial.
“Although Microsoft is doing a really good job of finding and fixing issues since it has placed a new emphasis on security, it’s still a difficult task to find all bugs,” he warns.
