18 September 2006
Temporary fixes to daxctle exploit
Many people by now have probably heard about the proof of concept exploit that demonstrated a weakness in IE's daxctle.ocx (Microsoft Direct Animation Path) ActiveX Control.
The flaw will cause IE to crash and enable someone to take full control of a system. This will not be patched until the next month, leaving all computers running Internet Explorer vulnerable until then.
One solution is to disable Active Scripting in IE. This involves going into the tools menu and clicking the security tab. From there setting the Internet and intranet security to the Custom level and within Settings in the Scripting section, clicking disable within Active Scripting.
Another possibility is to run one of two applications created to set or unset the 'kill bit' that will block the exploit. A standard Windows executable file and a command line version are available along with further information here.
The flaw will cause IE to crash and enable someone to take full control of a system. This will not be patched until the next month, leaving all computers running Internet Explorer vulnerable until then.
One solution is to disable Active Scripting in IE. This involves going into the tools menu and clicking the security tab. From there setting the Internet and intranet security to the Custom level and within Settings in the Scripting section, clicking disable within Active Scripting.
Another possibility is to run one of two applications created to set or unset the 'kill bit' that will block the exploit. A standard Windows executable file and a command line version are available along with further information here.
Labels: IE, microsoft, vulnerability
