This problem may be partially mitigated by blocking activeX at the perimeter until there is a patch/architecture fix from M$. Now, if the exploit comes in via HTTPS (secure tunnel) forget scanning for it - I know of only one company that makes an HTTPS scanning transparent firewall at this time...not Fortinet, not Cisco, not Checkpoint...
It may be that Finjan would stand a chance at stopping upcoming exploits that are 0-day, beating the AV community to the punch...we'll see.
Still, I recommend stopping ActiveX at the border preemptively.
Friday, August 19, 2005
Exploit for unpatched IE vuln fuels hacker fears | The Register
http://www.theregister.co.uk/2005/08/19/0day_ie_exploit_fears/ "Microsoft is investigating an IE security bug amid fears that a hacker attack based on the vulnerability is imminent. A flaw in Microsoft DDS Library Shape Control COM object (msdds.dll) is at the centre of the security flap."