Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. If successfully exploited, the vulnerability could give an attacker same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
Affected products are:
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3
- Microsoft Office XP Web Components Service Pack 3
- Microsoft Office 2003 Web Components Service Pack 3
- Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
- Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
- Microsoft Internet Security and Acceleration Server 2006
- Internet Security and Acceleration Server 2006 Supportability Update
- Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
- Microsoft Office Small Business Accounting 2006
Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section of the advisory, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.
More information:
Microsoft Security Response Center (MSRC) Blog
Microsoft Security Research & Defense Blog
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment