If you're running Intuit's popular QuickBooks Online Edition, the US Computer Emergency Readiness Team is warning you that your ActiveX controls might be stabbing you in the back, at least if you visit a malicious webpage. Computer Emergency Readiness Team? That's what CERT stands for? Are they like code ninjas? Does someone project an HTML signal onto a cloud at night to summon them? Never mind. Fix your ActiveX controls.
The vulnerabilities, rated “highly critical” by Secunia, can be exploited by a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
“By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash,” according to the US-CERT alert.
If someone steals one of your credit card numbers online, you have a problem. If someone steals all that sensitive financial and tax information you put into QuickBooks, you might as well live in a tent and grow your own food from then on in. There's an update available from Intuit here.