Posted on 01/24/2007 7:53:33 PM PST by holymoly
Vulnerable 3rd-party component used by more than two-dozen vendors.
A vulnerability within a software component used in more than 70 products could allow for an attacker to remotely run malware on a targeted system.
The vulnerability lies in NCTAudioFile2.dll, an ActiveX component used by Internet Explorer. An attacker could use a specially crafted web page to exploit the vulnerability and take control of a system, warned Danish security firm Secunia.
The component is made by Online Media Technologies Ltd., a UK-based firm that produces .net and ActiveX components for developers. The company said its clients include AT&T, Dell, and Intel.
Secunia estimates that the vulnerable component is used by more than 70 products from at least 28 different software developers.
Secunia has warned all vendors distributing the compontent, but hasn't yet heard back from Online Media Technologies.
While the vulnerability lies in a third-party component, Secunia said that it is partially up to the developers who use NACTAudioFile2 in their products to help protect users.
"Just because you didn't develop the original library file or component doesn't mean that you can eschew support for it, and leave it up to the original vendor to create a patch," said Secunia technical writer Ina Ragragio.
The vulnerability has been rated by Secunia as "highly critical," its second-highest severity rating. Ragragio said that Secunia is not aware of any publicly available exploit for the vulnerability, but that "actually crafting one is pretty straight-forward."
Secunia recommends that users either disable ActiveX or use a different web browser than Internet Explorer.
Online Media Technologies didn't immediately respond to a request for comment.
PeerGuardian2 can do all kinds of weird stuff... if you turn it on and cruise the web you can see what hosting services websites use, what ad services they use, and all kinds of other info's pretty wacky stuff... the Avast! program is pretty nice... its webshield actually scans websites as you visit them... pretty slick.
I see. Thanks.
We use Firefox.......period.
it's amazing how much stuff is embeddeded into "normal" webpages that you don't know is there... peerguradian2 will let you know about it, give it a try once it will make you paranoid forever. ;)
It's also fairly easy to chain the Avast! Webshield with another proxy. (I chain Webshield with Proxomitron.)
not to bad for free. ;)
probably should get the program, it's better than norton or mcaffee thats 4sure! :)
A good firewall for free is at comodo.com
No link to avoid the advertising bugaboo :-)
There is really no good reason for anyone to still be using Internet Explorer at this point in time.
I don't think you'll regret it.
As far as other features of Avast!, I've always thought the IM & P2P shields would be helpful for people with kids, who seem to like those things.
(For those not familiar with Avast!, you simply select the "shields" you need at installation.)
Also, as far as support, their forum is very helpful. IIRC A member of Alwil (Avast!) answers questions there.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.