|
| Register for our Free Newsletters |
|
 |
|
|
|
|
|
|
|
|
| Other Carouselweb publications |
|
|
|
|
|
|
|
|
|
|
| |
|
|
|
|
|
ActiveX vulnerability illustrates difficulty in fixing flaws
|
|
Fortify
: 11 July, 2008 (Technical Article) |
|
|
Continual discovery and rectification of flaws in applications illustrates the need for pro-active protection against IT threats |
|
Fortify Software says a set of ActiveX security bugs reported this week prove the firm's observations that security flaws are likely with almost any piece of applications software.
'This latest ActiveX flaw centres on the Snapshot Viewer ActiveX control, which is a feature of most versions of Microsoft Office Access,' said Rob Rachwald, Fortify's director of product marketing.
'Microsoft is tackling the problem, which seeks to lure Access users to a modified Web page that then attempts to execute the attack code within Internet Explorer, but I think that Microsoft is doing its best to solve the flaw in a timely and effective manner,' he added.
According to Rachwald, it is interesting to note that Adam Shostack, one of Microsoft's IT security gurus, has commented recently on the difficulty of going back and fixing code that was never designed with a software development life-cycle.
Although Microsoft is doing a really good job of finding and fixing issues since it has placed a new emphasis on security, it's still a difficult task to find all bugs,' he explained.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
