THE most detailed (as in references-filled) post that we have about ActiveX is this one. We also wrote about Novell's support of ActiveX and now we discover that the latest ActiveX flaw affects even Adobe and Cisco.
Microsoft's ATL problem is spreading. Many other software vendors are affected, among them Adobe and Cisco. The total number of vendors with vulnerable controls is currently unclear. In an interview with heise Security, Microsoft executive Andrew Cushman confirmed that it is not known how many ActiveX controls are affected. Cushman said this is the first time a Microsoft library has been affected by a security problem. According to the executive, Redmond appreciates that this patch not only affects corporate IT teams, but also requires action from software developers.
This highlights an unfortunate instance of monoculture -- nearly everyone on the internet uses Flash for nearly all the video they watch, so just about everyone in the world is using a binary module from a single vendor day in, day out.
--Bill Gates [PDF]
Comments
Yuhong Bao
2009-07-30 03:25:46
Yuhong Bao
2009-07-30 03:32:27