Monday, January 08, 2007

Eight year old ActiveX control with vulnerability

Tan Chew Keong recently found an ActiveX control on his Acer laptop that allows for arbitrary file execution. I had read this a month or so go, but was reminded again by today's Slashdot story. I haven't looked into the technical details, but they seem pretty plain.

If this is in fact from 1998, then I am amazed by how long this thing has gone unnoticed.
I'd love to know how many copies of this thing are out in the world. I would hope not a lot for escaping notice for so many years.

I can't decide if this is evidence against many eyes, or evidence for the idea that less popular software doesn't get any attention.

No comments: