Microsoft has released an advisory related to an Office Web Components ActiveX vulnerability, it is available here. This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136.

Microsoft mentions that they are aware of active exploits against this vulnerability, although we at the SANS Internet Storm Center haven't seen it used or mentioned in public, which may indicate it has been used in targeted rather than broad attacks.

At the moment there is no patch, but there is a workaround, and it can be automated for enterprise deployment. The specific CLSIDs to set the killbit for are:

{0002E541-0000-0000-C000-000000000046}

Start working on this ASAP. The impact is remote code execution with the privileges of the logged-in user running Internet Explorer, and it might not require user intervention: browse to a nasty web site and be pwn3d.

Advisory: http://www.microsoft.com/technet/security/advisory/973472.mspx
KB article: http://support.microsoft.com/kb/972890
SRD blog: http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx
MSRC blog: http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx

There is a long list of affected products:
If you see exploit code for this vulnerability, or have knowledge of it being used in an attack, please let us know via our contact page.

Cheers,
Teaching SANS Cutting-Edge Hacking Techniques in Ottawa this September.
Adrien de Beaupre, ISC Handler, Jul 13th 2009
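As an added example of how the killbit workaround described above can be scripted for enterprise deployment (this is not code from the diary, from Microsoft, or from the KB article; it assumes the documented IE killbit mechanism, a "Compatibility Flags" DWORD with bit 0x400 set under the ActiveX Compatibility registry key, and uses only the CLSID the diary lists):

```powershell
# Added example: set and verify the Internet Explorer killbit for the
# Office Web Components CLSID named in the diary. Not from the diary or
# from Microsoft. Assumes the documented killbit mechanism: a
# "Compatibility Flags" DWORD with bit 0x400 set under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
# Run from an elevated PowerShell session, or push it out as a startup
# script via GPO or your software-distribution tool.

$KillBit = 0x400
$Clsids = @(
    '{0002E541-0000-0000-C000-000000000046}'   # CLSID from the diary
)

# On 64-bit Windows the 32-bit IE reads the Wow6432Node view of the
# registry, so write the killbit into both views when that node exists.
$BasePaths = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $BasePaths += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-KillBit {
    param([string]$BasePath, [string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Preserve any flags already present: OR the killbit in rather than
    # overwriting the value.
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    $newValue = [int]($existing -bor $KillBit)
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $newValue -Type DWord
}

function Test-KillBit {
    param([string]$BasePath, [string]$Clsid)
    $key = Join-Path $BasePath $Clsid
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    # A missing value reads as $null, which fails the bit test below.
    return (($flags -band $KillBit) -eq $KillBit)
}

foreach ($base in $BasePaths) {
    foreach ($clsid in $Clsids) {
        Set-KillBit -BasePath $base -Clsid $clsid
        $ok = Test-KillBit -BasePath $base -Clsid $clsid
        # One line per key, so a deployment tool can collect the result.
        '{0} {1} killbit={2}' -f $base, $clsid, $(if ($ok) { 'SET' } else { 'MISSING' })
    }
}
```

The verification step matters as much as the write: a deployment that reports MISSING on a host tells you the workaround is not in force there, which is exactly what you want to know while there is no patch. The script leaves the control installed and only stops IE from instantiating it, so Office itself is unaffected.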