Attackers Ramp Up Zero-Day ActiveX Exploits
Dan Kaplan writes on SC Magazine US:
Attacks taking advantage of a zero-day vulnerability in a Microsoft Active X control are increasing in prevalence, nearly a month since the flaw and ensuing exploit code first was announced.More here.
The bug, which enables an attacker to gain privileges of a logged-on user to launch remote code, affects the ActiveX control for the Snapshot Viewer in Office Access 2000, 2002 and 2003, Microsoft has said.
"We've been closely monitoring this exploit since its release, and are now tracking several hundred occurrences in the wild, found mostly in China," according to a Websense Security Labs blog entry. "There is currently no patch available, but Microsoft has several workarounds listed in their advisory."
Exploit code was posted to the exploit database Milw0rm on July 24, according to Websense.