Security research firm Secunia has
recommended that users of Microsoft's Internet Explorer browser disable ActiveX controls and plugins to protect against a variant of the "Object Data"
vulnerability.
The Secunia warning comes just one week after Microsoft issued a cumulative patch for the IE browser that carried a
'critical' rating. Clinical Research Methods::
File Format: PDF/Adobe Acrobat - View as HTMLEmpirical research sug-. gests that searching PubMed alone is inadequate. Prone to cumulative systematic biases and personal opinion
http://ssrc.tums.ac.ir/SystematicReview/Assets/Pai_NMJI_2004_Systematic_reviews_illustra.pdfHOME |
However, in a special update, Secunia said Microsoft's cumulative patch
was not adequate and warned that exploitation of the most serious security
hole was already discovered in the wild. "Analysis shows that the exploit
installs a program called ADPlus module or SurferBar, which is added to a
users
Internet Explorer and contains links to various porn sites," the company
cautioned. ECDC::
Cumulative number of Confirmed Human Cases of Avian Influenza A/(H5N1) The authors conclude that the literature to date is inadequate for coming to any
http://ecdc.europa.eu/Health_topics/influenza/news/news_Influenza_070405.htmlHOME |
Bioline International Official Site (site up-dated regularly)::
The drainage system was open and inadequate. Clothes were dried in the open not have positive patch test reactions were considered to have cumulative
http://www.bioline.org.br/request?dv05109HOME |
"The "Object Data" vulnerability is straightforward to exploit. In many
ways, this vulnerability is similar to [a previous flaw] which was exploited
by notorious viruses like Nimda, Badtrans and Klez," the company said.
Efforts to contact Microsoft were not successful at press time.
To protect against the vulnerability, IE users should disable Active
Scripting until Microsoft provides a comprehensive fix.
Secunia said the "Object Data" hole can be targeted via e-mail or
specially-crafted Web sites to allow execution of arbitrary code on the
client system.
To determine the safety of an object, the IE browser interprets the file
extension specified in the "Object Data" tag. "This allows a malicious
person to specify a "safe" file with eg. a ".html" extension in "Object
Data", which causes Internet Explorer to interpret it as a "safe" file, the
company explained. However, when the file is retrieved by IE, the
"Content-Type" header determines how the file will be treated. "This allows
an executable file like a ".hta" file to be treated as a "safe" file and be
executed silently without restrictions," Secunia warned.
The flaw, which Secunia described as "extremely critical," affects
Microsoft IE versions 5.01, 5.5 and 6.0.
 Novell Pushes Cross-Platform at BrainShare
 'Peering' Into AOL-MSN Outage | 
Researcher: IE Cumulative Patch Inadequate