• You are here:
  • Home >
  • News >
  • Bugs & Fixes
Microsoft has issued a security advisory about a vulnerability that affects nearly all versions of Windows
Latest flaw affects the WebViewFolderIcon ActiveX control in Windows Shell

Microsoft issues advisory for ActiveX flaw

Vulnerability in Windows Shell could allow remote code execution

Written by Shaun Nichols in California, vnunet.com

02 Oct 2006

Microsoft has issued a security advisory about a vulnerability that affects nearly all versions of Windows that the company still supports.

While the company claimed that it is not aware of any active exploits for the vulnerability, security advisory 926043 details the flaw in the WebViewFolderIcon ActiveX control in Windows Shell. 

According to Microsoft, the vulnerability could be exploited by viewing a maliciously-crafted HTML file.

Advertisement

Once the exploit has been launched, an attacker could execute code remotely on the compromised PC, including malware and spyware programs.

A spokesman said that a patch is set to be released as part of Microsoft's next scheduled update on 10 October.

Microsoft suggests several workarounds in the meantime, including setting Internet Explorer to ask permission before running ActiveX. This will cause frequent requests as a large number of sites use ActiveX controls.

The US Computer Emergency Response Team recommends users to avoid clicking on unsolicited or otherwise suspicious links

The SANS internet Storm Center suggests that users should think about switching from Internet Explorer to other web browsers. 

Microsoft said that versions of Windows Server 2003 and Windows Server 2003 Service Pack 1 with the Enhanced Security Configuration enabled were not affected by the vulnerability.

Tags:

Reader comments

More from Computeractive

News

The latest home computing news

Downloads

The best PC tools, applications and more

Reviews

Independent opinions on new hardware and software

Step-by-step guides

Easy-to-follow projects with pictures

PC Help

Solve PC problems with our Q&A

Videos

PC projects demonstrated and product reviews

Articles

An in-depth look at how to get the best from your PC

Magazine

What's coming up in Computeractive

Forums

Get help with your PC problems from our readers

Competitions

Your chance to win computing prizes

Shopping

Great deals on products, services and more

Computeractive CD Rom 10
All 26 issues of Computeractive from 2007 on one CD-Rom.

Ultimate Guide to PC Troubleshooting
Everything you need to know to solve your PC problems.

Create your own calendars softwareCreate your own Calendars
The fun and easy way to create your own calendars!

Computeractive - Issue 280Computeractive Back Issues
Missed an issue? Click here to find a back issue

> More Bargains

Blogs

Windows Watch

Windows Watch

Keeping an eye on the latest XP and Vista news

Got a Mac? Get anti-virus.

02 Dec 2008Apple Mac users have long boasted that, unlike their Windows (sorry, sorry, "PC") counterparts, they don't need to spend time and money...

> More from the Windows Watch blog

Download Junkie

Download Junkie

Your daily dose of download discussion

Get the free commercial version of TuneUp Utilties 2007 worth £30

01 Dec 2008Only recently did we tell you about the fantastic new release of TuneUp Utilities 2009 , which will enable you to tweak,...

> More from the Download Junkie blog

Advertisement

Free email newsletters

Techno babble demystified...

[Display all definitions]

Or type in any computer-related word and click "Go"

Advertisement

Computeractive is not reponsible for content of Google adverts

Primary Navigation

© Incisive Media Ltd. 2008. Incisive Media Limited, Haymarket House,
28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503

Search computeractive.co.uk