Yet another blog promising a month of bugs has surfaced, this time poking security holes in ActiveX, and lo and behold, it has disclosed two important security holes in as many days.

After hoaxsters promised but failed to deliver several "month of" sites in recent weeks, we dismissed such campaigns as a desperate cry for attention and swore off covering them ever again. We reversed course after finding the bugs detailed by MoAxB have been confirmed by independent researchers.

Shinnai, the creator of the MoAxB, followed up today with documentation of a bug in Excel Viewer OCX, that can also cause a DOS or computer take-over. Secunia rates it highly critical, the advisory service's second-highest rating.

While the MoAxB site appears to be on the up and up, not all blogs promising 30 days of dispatches concerning bugs in a particular platform are quite as earnest. A blog, which we covered here, promising a month of MySpace bugs seemed like a great idea, but it turned out to be a hoax. So did a site promising a month of bugs in Windows Vista. Both campaigns were to get underway on April Fool's day. ®

Related stories

• Rogue ActiveX controls menace users (24 October 2007)
• MySpace to turn over sex-offender data after all (21 May 2007)
• US states press MySpace to give up sex offender data (14 May 2007)
• Apple patches security hole in QuickTime (2 May 2007)
• Adware poses as ActiveX control (17 April 2007)
• Microsoft zero-days said to target Office and Windows (11 April 2007)