|
Microsoft Internet Explorer 'Active Setup Control' Vulnerability patch
-
Version
0
Microsoft has released a patch that eliminates a vulnerability that could allow a malicious user to embed an unsafe executable within an email and disguise it as a safe type of attachment. Through a complicated series of steps, the unsafe executable could be made to execute under certain conditions, if the user opened the attachment. A particular ActiveX control allows cabinet files to be launched and executed. The patch restricts the ability of the control to launch unsigned cabinet files that have been downloaded from the local machine.
|