Monday, July 07, 2008

Microsoft: Hackers Exploiting Unpatched Office Flaw

Brian Krebs writes on Security Fix:

Microsoft today issued stopgap instructions for plugging a previously unknown security hole that hackers are currently using to break into Windows computers via the Internet Explorer (IE) Web browser.

The problem, once again, is with a faulty ActiveX control. ActiveX is a Windows technology that works through IE and allows Web sites to add software to the user's computer or interact with components in the Windows operating system. In this case, the insecure component is an ActiveX control called "Snapshot Viewer," which ships with all versions of Microsoft Office 2000, Office 2002, and Office 2003. The flawed ActiveX control also is also shipped with the standalone Snapshot Viewer.

Microsoft warns that merely browsing with IE to a malicious (or hacked) Web site that exploits this vulnerability could be enough to compromise your system.

More here.


Post a Comment

<< Home