All three flaws are in ActiveX controls. One tricks the control into executing commands supplied by an attacker, the second lets attackers write to files on disk and the third lets attackers execute code with user privileges, McAfee said.
The first two flaws were patched back in August, and it’s the third that created headlines earlier this week when it was found it let attackers essentially hijack victims’ PCs and use them to relay spam.
McAfee knows of “four to five” victims, all small and medium-sized businesses, company spokesperson Ian Bain told TechNewsWorld. The vendor “worked with them to stop [the attack] as the patch was being developed,” Bain added.
The spam relay problem “would most likely cause an ISP to block a business, and that is rarely going to happen to a large corporation,” IT security expert Randy Abrams told TechNewsWorld. “Small, relatively unknown companies would be at great risk of being blacklisted.”
Zoho
Fixating on the Flaws Read more....
No comments:
Post a Comment