Microsoft Admits New ActiveX Zero-Day Bug
Gregg Keizer writes on ComputerWorld:
For the second time in a week, Microsoft is warning users that hackers are exploiting an unpatched, critical bug in a company-made ActiveX control, putting people running Internet Explorer (IE) at risk.More here.
The company has been busy lately acknowledging "zero-day" vulnerabilities. Today's admission was the third in the last two months, and the fifth since February.
According to the security advisory Microsoft released early Monday, the vulnerability is in Office Web Components, a set of ActiveX controls for publishing Office content to the Web, and for displaying that content in IE. The bug is in the ActiveX control that displays Excel spreadsheets within IE, Microsoft said.