Microsoft Warns of Zero-Day Flaw in Office Web Components ActiveX Control
Just one day before its scheduled security release, Microsoft has issued an advisory warning of attacks that exploit an arbitrary code execution vulnerability in the Spreadsheet ActiveX control in Microsoft Office Web Components. Attackers could use the attack to gain user rights equal
to those of the local user. The flaw affects numerous Microsoft products. The advisory includes instructions for setting the kill bit for the control in the registry.
http://isc.sans.org/diary.html?storyid=6778
http://www.microsoft.com/technet/security/advisory/973472.mspx
http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx
http://www.eweek.com/c/a/Security/Microsoft-Warns-of-New-Attack-as-Patch-Tuesday-Nears-854317/
http://www.scmagazineus.com/Another-ActiveX-zero-day-bug-from-Microsoft/article/139939/
http://www.h-online.com/security/Microsoft-warns-of-vulnerability-in-Office-Web-Component--/news/113752
http://voices.washingtonpost.com/securityfix/2009/07/microsoft_newly_discovered_ms.html
http://www.computerworld.com/s/article/9135471/Microsoft_admits_new_ActiveX_zero_day_bug?source=rss_security
martes, 14 de julio de 2009
Suscribirse a:
Enviar comentarios (Atom)
No hay comentarios:
Publicar un comentario