Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Monday, August 13, 2007

FlashPix ActiveX ZeroDay Fix

My good buddy Alex over at Sunbelt Software alerted me to a new Zero Day vulnerability that has been announced by US-Cert(United States Computer Emergency Readiness Team). The bug was discovered and demonstrated yesterday by Krystian Kloskowski.


This is the kind of infection that can occur just by going to the wrong web page or reading an HTML document. You don’t have to download or agree to anything for this kind of threat to attack your computer.


The flaw was found in a file “DXTLIPI.DLL” which may or may not exist on your computer. This file is the container of an ActiveX control from Live Picture Corporation known as “FlashPix”.


The only available solution requires a change in the registry so the current version of this ActiveX will not be executed by Internet Explorer.


For those who aren’t comfortable using Regedit, I have created a registry script which will make the change for you. Just run the following to protect your computer. You can also save it to your computer and run it after download.

http://www.winpatrol.com/support/flashpixoff.reg

You'll see the following dialog

This script will set the kill bit for this ActiveX definition. If you’re using Netscape, it won’t run the script, it will just display the text contained in the script. Of course, if you’re using Netscape, you don’t have to worry about it anyway. Wink Wink



Labels: , , ,

Share on Facebook


3 Comments:

Anonymous Cel said...

Bill thank you for the registry script. For those of use not familiar with registry editing this is a real help.

The problem I see is there are so many of my user friends that I know will not be aware of this issue and it is a shame.

7:22 AM  
Anonymous Anonymous said...

Just another reason not to use Internet Explorer.

8:47 AM  
Blogger Sandi said...

I couldn't open it with Firefox, but was able to open it by using the "Open Link in IE tab" feature.

Thank you so much for this registry editor.

6:23 AM  

Post a Comment

Create a Link

<< Home