Microsoft Internet Explorer 'Active Setup Control' Vulnerability patch

Network and Internet
Web Browsers


Microsoft has released a patch that eliminates a vulnerability that could allow a malicious user to embed an unsafe executable within an email and disguise it as a safe type of attachment. Through a complicated series of steps, the unsafe executable could be made to execute under certainconditions, if the user opened the attachment. A particular ActiveX control allows cabinet files to be launched and executed. The patch restricts the ability of the control to launch unsigned cabinet files that have been downloadedfrom the local machine.


Recent searches