On mySimon: Top Gifts for Him, Her, Mom, Dad & More!
BNET Business Network:
BNET
TechRepublic
ZDNet

July 7th, 2008

Microsoft warns of "active, targeted" ActiveX control attacks

Posted by Ryan Naraine @ 10:29 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Digital rights management, Firefox, Microsoft, Patch Watch, Punditocracy, Social Networking Applications

Tags: Vulnerability, ActiveX Control, Microsoft Corp., Attack, ActiveX/COM/COM+/DCOM, Microsoft Office, Security, Software Development, Software/Web Development, Office Suites

Microsoft has issued a pre-patch security advisory to warn about “active, targeted attacks” against an ActiveX control for the  Snapshot Viewer for Microsoft Access.

The skinny:

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.

The advisory contains information on setting the killbit to avoid the attack.  More information in this US-CERT advisory.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 14 Talkback(s)
RE: Microsoft warns of
ZZZZZZZZZz... Is it over yet (Read the rest)
Posted by: TFW38@... Posted on: 07/08/08 You are currently: a Guest | | Terms of Use
An activeX attack. WHAT a suprise...  BitTwiddler | 07/07/08
Windows only technolgy  Richard Flude | 07/07/08
yup  TedKraan | 07/08/08
Almost as common as Quicktime exploits  mdemuth | 07/07/08
ActiveX exists?  cmdrrickhunter@... | 07/07/08
Makes me wonder, ....  Mike Hunt | 07/07/08
Is the users fault, of course  theo_durcan | 07/07/08
IIf you had read the story closer and understood it  Intellihence | 07/07/08
Sarcasm?  zkiwi | 07/07/08
This is a threat to big business from Microsoft  BALTHOR | 07/07/08
RE: Microsoft warns of  samp_z | 07/08/08
RE: Microsoft warns of  stevepast@... | 07/08/08
RE: Microsoft warns of  stevepast@... | 07/08/08
RE: Microsoft warns of  TFW38@... | 07/08/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

  • Smart Tech Expert advice on innovations in healthcare and the green technologies that make it happen. Find out more
  • Smart Business Discussion and advice on management issues that revolve around making your world smarter and more useful. More Smart Advice
  • Smart People The best and worst moves in the management and strategy trenches. Learn More