Tuesday, July 8, 2008

Vulnerability In Microsoft Office Snapshot Viewer ActiveX control

A vulnerability has been found in the Microsoft Office Snapshot Viewer ActiveX control (snapview.ocx). It can allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations. For example, it can be used to place files in the Windows startup folder so that they are executed the next time the system starts. US-CERT says it has received reports of active exploitation of the vulnerability.

Office versions 2000, XP and 2003 are vulnerable, as all of them contain the ActiveX control mentioned above. The ActiveX control is also shipped with the standalone Snapshot Viewer.

At the moment no fix is available for the vulnerability. As a workaround, it is recommended to disable the vulnerable ActiveX control by following the instructions in the Microsoft Security Advisory.

More information on the vulnerability:
US-CERT vulnerability note
Microsoft Security Response Center (MSRC) blog
