vulnerability has been discovered in Internet Explorer which could allow a malicious person to exploit a vulnerability. This would give the person remote access to the vulnerable machine. Secunia has therefore given the vulnerability an extremely critical rating. The exploit takes advantage of an Active X exploit from specially crafted HTML page.
“The vulnerability is caused due to a memory corruption error in the Microsoft Multimedia Controls ActiveX control (daxctle.ocx) in the “CPathCtl::KeyFrame()” function. This can be exploited by e.g. tricking a user into viewing a malicious HTML document passing specially crafted arguments to the ActiveX control’s “KeyFrame()” method.” There is a somewhat working exploit circulating that can be used on Windows 2000 machines. However, Secunia has successfully built an exploit for a fully patched XP SP2 machine.
Source: Secunia
[tags]internet explorer, internet explorer exploit, daxctle.ocx exploit, CPathCtl::KeyFrame() exploit[/tags]
