ActiveX bug resurfaces

It hasn't been a great week for security... has it?

Yet another potentially devastating flaw inherent to Microsoft's Web language ActiveX has been revealed on SecurityForum's message-board "Bugtraq". The latest opening allows the kernel of Windows 98 or Windows NT computers to be permanently deleted from an applet embedded in a Web page.

Although Microsoft has already released a fix for the problem which makes it possible for a user to overwrite the kernel of a Windows 98 or Windows NT machine at the touch of a button, millions of users remain at risk according to Bugtraq.

Saul Hazledine, a regular contributor to Bugtraq, highlighted this latest exploit. There is also a fully working example posted on this Web page. This page should not, however, be visited without due care. Unless the ActiveX controls in Internet Explorer are de-activated, the links it contains have the potential to do serious damage to anyone using Windows 98 or Windows NT.

Take me to Hackers