FlashPix ActiveX ZeroDay Fix
My good buddy Alex over at Sunbelt Software alerted me to a new Zero Day vulnerability that has been announced by US-Cert(United States Computer Emergency Readiness Team). The bug was discovered and demonstrated yesterday by Krystian Kloskowski.
This is the kind of infection that can occur just by going to the wrong web page or reading an HTML document. You don’t have to download or agree to anything for this kind of threat to attack your computer.
The flaw was found in a file “DXTLIPI.DLL” which may or may not exist on your computer. This file is the container of an ActiveX control from Live Picture Corporation known as “FlashPix”.
The only available solution requires a change in the registry so the current version of this ActiveX will not be executed by Internet Explorer.
For those who aren’t comfortable using Regedit, I have created a registry script which will make the change for you. Just run the following to protect your computer. You can also save it to your computer and run it after download.