Hackers Attack ActiveX Flaw in IE

Internet Explorer is again the target of an exploit. The latest, prompting an investigation by Microsoft , could allow hackers to take control of some un-patched PCs.

The attack code appears just days after Microsoft’s regular monthly patch releases, an increasingly common tactic by malicious hackers.

“This vulnerability may allow an attacker to execute code on a user’s machine by convincing them to visit a malicious Web site using Internet Explorer,” according to a statement from a Microsoft spokesperson.

The software giant released a security advisory suggesting Windows XP and Windows 2000 disable ActiveX and active scripting features.

Windows 2003 is not affected, according to Microsoft.

Attackers can use a flaw in the multimedia-related ActiveX controls and a specially crafted Web page.

However, Microsoft cautioned it is “not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time.”

Full story: internetnews.com