Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
We are aware of attacks attempting to exploit the vulnerability.
Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.
Fix It solution is available and applies to:
Microsoft Office Small Business Accounting 2006
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Web Components
Microsoft Internet Security and Acceleration Server 2004 Standard Edition
Fix It solution is in http://support.microsoft.com/kb/973472
More info on this security advisory in http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx
http://www.microsoft.com/technet/security/advisory/973472.mspx
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
We are aware of attacks attempting to exploit the vulnerability.
Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.
Fix It solution is available and applies to:
Microsoft Office Small Business Accounting 2006
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Web Components
Microsoft Internet Security and Acceleration Server 2004 Standard Edition
Fix It solution is in http://support.microsoft.com/kb/973472
More info on this security advisory in http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx
http://www.microsoft.com/technet/security/advisory/973472.mspx
Special thanks to Donna and Corrine for the heads up.
Microsoft Security Advisory (973472) - FixIt solution is available
http://msmvps.com/blogs/donna/archive/2009/07/14/microsoft-security-advisory-973472-released-fixit-solution-is-available.aspx
Microsoft Security Advisory 973472 Released
http://securitygarden.blogspot.com/2009/07/microsoft-security-advisory-973472.html
Now I've got to figure out why the advisory hasn't come to my inbox yet .....
No comments:
Post a Comment