Posted on 01/24/2007 7:53:33 PM PST by holymoly
Vulnerable 3rd-party component used by more than two-dozen vendors.
A vulnerability within a software component used in more than 70 products could allow for an attacker to remotely run malware on a targeted system.
The vulnerability lies in NCTAudioFile2.dll, an ActiveX component used by Internet Explorer. An attacker could use a specially crafted web page to exploit the vulnerability and take control of a system, warned Danish security firm Secunia.
The component is made by Online Media Technologies Ltd., a UK-based firm that produces .net and ActiveX components for developers. The company said its clients include AT&T, Dell, and Intel.
Secunia estimates that the vulnerable component is used by more than 70 products from at least 28 different software developers.
Secunia has warned all vendors distributing the compontent, but hasn't yet heard back from Online Media Technologies.
While the vulnerability lies in a third-party component, Secunia said that it is partially up to the developers who use NACTAudioFile2 in their products to help protect users.
"Just because you didn't develop the original library file or component doesn't mean that you can eschew support for it, and leave it up to the original vendor to create a patch," said Secunia technical writer Ina Ragragio.
The vulnerability has been rated by Secunia as "highly critical," its second-highest severity rating. Ragragio said that Secunia is not aware of any publicly available exploit for the vulnerability, but that "actually crafting one is pretty straight-forward."
Secunia recommends that users either disable ActiveX or use a different web browser than Internet Explorer.
Online Media Technologies didn't immediately respond to a request for comment.
Take your pick:
bump to see what happens in this thread.
Jeeezz.
Good lord that isn't a good one.
In the battle between functionality and security MS always chose functionality. That model made sense a decade ago. Now it is banging them. Active X was always an exciting but dangerous technology.
The only thing IE is good for is downloading the Windows updates.
I recently tried out the AVG AntiVirus, and it found 4 Trojans on my system that Norton had missed for several weeks. That is not very encouraging either.
I've been using AVG for years. Hands down better than any of the usual suspects, and far less intrusive on your system overall.
The downside of software reuse.
ping
Same with me. AVG is a very good product.
Norton has a name. They were once the best, but they have lost it.
Hey, Echo... over here!
bump
Give Avast! 4 Home Edition a try... let me know what you think...
Its pretty sweet, I think you will like it... ;)
My AVG found the same four trojans in the last week. AVG is great.
Do you all use the free or paid version of AVG
Combine AVG with Zone Alarm Pro, and you're locked down as near to 100% as is possible today.
ADDENDUM: Assuming you're using a browser other than IE. I use Firefox.
Give these 4 programs a try they work pretty well togeather and they are all free
Free antivirus - avast! 4 Home Edition This is nice lots of features, you may need to add port 12080 to the Webshield application just use a "comma" it will look like this (80,12080) when you have it right, turn all to high :)
PC Tools Firewall Plus 1.0.0.9 Nice easy to use
a-squared (a²) Free edition 2.1.0.12
_______________________________________________
Windows Defender This is nice to have also....
Intersting, eh? ?I would tell Norton, but since they seem to think they have all the answers, I'll let them find out elsewhere. It took a long time to get their crap out off my hard drive and out of the registry.
I have no clue why I would need that and why it would make me more paranoid.
What does it do? Allow you to download and upload music using P2P sites without getting caught? Is it more than that?
I'm trying to figure out how it is relavant to this thread. I'm probably missing something there.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.