2 BlooMooWeb ActiveX Vulnerabilities

Here is a vulnerability which is somewhat minor and subsequently slipped under the radar. It's in a 3rd-party ActiveX control, and therefore not as widely useful as exploits against components which ship with Windows by default. But I think it's useful to point out simply to provoke thought. It's been noted by security professionals that targeted attacks are becoming more common (either on specific companies or on their customers/users). Simultaneously, there are many companies out there which are making custom ActiveX controls to give their users more functionality or a better *cough* experience on their website. The original bugtraq post talks a bit about the context of this particular 3rd-party ActiveX control:

"BlooMooWeb is an internet game platform for kids, popular mainly in Poland. It has been provided for the TV programme "Krolestwo Maciusia" ("The Kingdom of Macius") broadcast in TVP1 - first channel of Polish public television."

So right away we see that it has a fairly limited vulnerable population. But multiply this by the number of 3rd-party ActiveX controls out there, and then decide on some percentage which are vulnerable (possibly using MS's own vulnerability percentage on all its controls?) and you begin to see how 3rd-party vulnerabilities are still important for attackers in this MS-dominated world.

CVE-2006-5658