iTWire - Attackers pushing ActiveX control just to exploit it

IT NEWS Sustainability Get JOB ALERTS that match your skills

Attackers pushing ActiveX control just to exploit it

by Stephen Withers
Friday, 08 August 2008
! Symantec has warned that the bad guys have started using drive-by downloads of a genuine Microsoft software component to open a security hole for subsequent exploit. Related stories Firefox and Norton: FIGHT! Chrome is good news for the ABM crowd Microsoft slips free development tools to students VMware ESX qualifies under Microsoft virtualisation support program Guitar Hero World Tour dated and priced The item in question is the Access Snapshot Viewer ActiveX control, which is the subject of a critical update that Microsoft plans to release next week. The control allows reports created in Access to displayed in Internet Explorer, even if Access itself is not installed. Since the Viewer is signed by Microsoft, a web site can install the control without the user being aware that anything is happening. The vulnerability in the Snapshot Viewer then allows remote code execution. According to Websense Security Labs, the vulnerability is easy to exploit. While the Snapshot Viewer is not part of a normal Windows installation, it is part of Office 2000, 2002 and 2003, which means it is widely present. But the latest development means it the flaw can potentially be exploited whether or not the control is already installed. Both Symantec and Websense recommend setting the killbit for the control as advised by Microsoft on July 7. The downside is that this will completely prevent the use of the control - even for legitimate purposes - until the new version is installed. Please enable JavaScript in your browser to post your comment! Tags See All Tags Microsoft Microsoft Office Security Software Stephen Withers Symantec Vulnerability Web Get stories like this delivered daily - FREE - subscribe now