# CRITICAL: Vulnerability in ActiveX Control (IE5.01 SP4, IE6, IE6 SP1)



## Zazula (Apr 27, 2006)

A newly discovered vulnerability in the Microsoft DirectAnimation Path ActiveX control, which is included in Daxctle.ocx, calls for users to perform interim workarounds until a Security Update is issued.

Microsoft Security Advisory (925444)

1. Prevent the Microsoft DirectAnimation Path ActiveX control from running in Internet Explorer
2. Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.
3. Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
4. Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
5. Modify the Access Control List on Daxctle.ocx to be more restrictive.

To find out how the aforementioned workarounds are performed, please read the MS Advisory linked above.


----------



## Cellus (Aug 31, 2006)

Link is broken due to a missing character. Here's the actual link:

http://www.microsoft.com/technet/security/advisory/925444.mspx

Here's also a link to a news article regarding this vulnerability:

http://www.securityfocus.com/brief/304


----------



## Zazula (Apr 27, 2006)

Thanks, Cellus, for taking care.


----------



## RavenMind (Mar 8, 2005)

Yet another reason to stop using Internet Explorer.

(I know, I know.. as if we needed more..) :laugh:


----------

