Tuesday, July 14, 2009

Zero day vulnerability in Microsoft Office Web Components discovered

Microsoft has published an advisory about a serious security vulnerability in its Office Web Components (OWC) software that could allow an attacker to run malicious code on your computer.

Microsoft says it has seen a limited number of attacks exploiting the vulnerability, which specifically lies in the Spreadsheet ActiveX control which can be embedded into webpages.

There is a long list of affected products:

* Microsoft Office XP Service Pack 3;
* Microsoft Office 2003 Service Pack 3;
* Microsoft Office XP Web Components Service Pack 3;
* Microsoft Office Web Components 2003 Service Pack 3;
* Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1;
* Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3;
* Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3;
* Microsoft Internet Security and Acceleration Server 2006;
* Internet Security and Acceleration Server 2006 Supportability Update;
* Microsoft Internet Security and Acceleration Server 2006 Service Pack 1; and
* Microsoft Office Small Business Accounting 2006.

Source

No comments: