In association with heise online

13 July 2009, 16:00

Microsoft warns of vulnerability in Office Web Component

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft has advised of a critical security vulnerability in an Office Web Component that allows attackers to gain control of a Windows PC. According to Microsoft, the first web pages that attempt to exploit the vulnerability, using specially crafted tables, have already appeared. For an attack to be successful, a victim must first visit a specially crafted malicious page using Internet Explorer – which could even happen inadvertently through page forwarding.

The vulnerable control is a collection of objects for publishing and viewing tables, presentations and databases on the web. Office 2003, Office XP, Internet Security and Acceleration Server 2004 and 2006 as well as Office Small Business Accounting 2006 are all affected. While no update is currently available, Microsoft is reportedly working as quickly as possible to produce one. In the meantime, the software vendor has released a Fix-it tool to disable the vulnerable control in Internet Explorer. It's highly unlikely that Redmond will have an update available by tomorrow's Patch Tuesday.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-742465
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit