Exploit.JS.ActiveXComponent

Class Exploit
Platform JS
Description

Technical Details

This is an MS Internet Explorer and Outlook security breach
(com.ms.activeX.ActiveXComponent security vulnerability).

The security flaw allows remote scripts and HTML pages to access to any
ActiveX control installed on a victim’s computer. The remote
script can gain full contol over a victim’s computer, including the ability
to read and write files on hard disks.

Trojan programs such as JS.Trojan.Seeker and JS.Trojan.Fav use this
vulnerability to modify a browser’s start and search pages and add
unauthorized links to the “Favorites” folder of Internet Explorer.

Microsoft has released a patch that removes the
com.ms.activeX.ActiveXComponent security vulnerability. We recommend visiting http://support.microsoft.com/support/kb/articles/Q275/6/09.ASP and
installing this patch.