Scared of Flash O-Day? Kill ActiveX
Users concerned about a critical Adobe Flash flaw outed this week can mitigate the threat by removing Active X, according security company F-Secure.
Adobe had issued a security alert that warned of a critical hole in Flash Player that is being exploited in the wild, to hijack and crash computers.
"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform," the company said in an advisory.
F-Secure senior researcher Sean Sullivan said in a blog that users should just uninstall ActiveX.
"For Flash on the web, you can use a designated browser (other than IE). Do you really need Flash enabled for Office?"
Microsoft Office will generate an error message when it attempts to execute a Flash file but ActiveX has been uninstalled.
(Credit: F-Secure)
The vulnerability affects a range of Flash versions, but cannot be executed in Adobe Reader X since the Protected Mode would prevent the exploit from running.
Adobe said it will address the issue in Adobe Reader X for Windows with its next quarterly security update, scheduled for 14 June.