07.13.09
Second ActiveX/Vulnerability
A new security vulnerability in ActiveX (Microsoft Office Web Components) is being actively exploited. This advisory was first made available on July 13. This is the second of two exploits in ActiveX so far for the month of July. The vulnerability can affect Windows XP users with Office 2003 installed. Vista/Windows 7 and Office 2007 are not known to be affected in their default install configurations.
What makes this vulnerability/exploit important is that the user's PC can be infected simply by clicking on a link in an email, in a messenger or on a web page (depending on the ActiveX settings in the browser). This can allow an unauthorized user to use your PC for purposes that you do not authorize (remote code execution).
- There is a “workaround” that you may want to install to prevent the exploit from occurring
- Please note it removes browser functionality but as far as I know most users do not use this functionality. This will have to be taken on a case by case basis.
- If you are interested in deploying the workaround, there is one listed in the “workaround” section of http://support.microsoft.com/kb/973472 (click “Enable Workaround - Fix Me”).
- No permanent fix is available at this time
- Computerworld, Microsoft Security Blog