Microsoft: Hackers Exploiting Unpatched Office Flaw
Brian Krebs writes on Security Fix:
Microsoft today issued stopgap instructions for plugging a previously unknown security hole that hackers are currently using to break into Windows computers via the Internet Explorer (IE) Web browser.More here.
The problem, once again, is with a faulty ActiveX control. ActiveX is a Windows technology that works through IE and allows Web sites to add software to the user's computer or interact with components in the Windows operating system. In this case, the insecure component is an ActiveX control called "Snapshot Viewer," which ships with all versions of Microsoft Office 2000, Office 2002, and Office 2003. The flawed ActiveX control also is also shipped with the standalone Snapshot Viewer.
Microsoft warns that merely browsing with IE to a malicious (or hacked) Web site that exploits this vulnerability could be enough to compromise your system.