Symantec issues warning about vulnerability in Internet Explorer 7

Symantec is warning Internet Explorer users about attacks targeting ActiveX. According to Symantec’s Sean Hittel, attackers have found a way to serve users the vulnerability prior to exploiting it. The target is a critical security flaw in the ActiveX Control for the Snapshot Viewer for Microsoft Access.

Microsoft has patched the vulnerability via a security bulletin issued in July 2008, but the update was deployed only on the systems with the software installed. Symantec claims that all Internet Explorer users are vulnerable.

“Recently, we came across a rather unfortunate exploit case for the Access Snapshot Viewer ActiveX Vulnerability that took advantage of a property of the ActiveX system to exploit IE users who did not have the vulnerable control installed. How does one exploit a vulnerability that does not exist on a system, you say? Sadly, attackers have found a way to install the vulnerable Access Snapshot Viewer ActiveX control through Internet Explorer prior to exploiting it,” said Hittel.

Symantec indicated that the control is signed and, as such, its installation is completely silent. In fact, no user interaction is required for a system to become vulnerable. The attackers’ aim is to install the vulnerable control on the targeted computers, and then exploit the associated vulnerability.

“Once this vulnerable control is installed on the victim’s computer, it is exploited in the same way as if the control was installed all along. To top it off, this attack is carried out as a drive-by attack, so the unprotected user may never know that they were vulnerable, or had been targeted, let alone infected,” Hittel stated.
