bdoriano Amministratore


Registrato: 02/04/07 12:05 Messaggi: 14391 Residenza: 3° pianeta del sistema solare...
|
Inviato: 15 Lug 2009 10:39 Oggetto: Nuova vulnerabilità negli ActiveX di IE |
|
|
dal sito Microsoft TechNet:
Citazione: | Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
Published: July 13, 2009
Version: 1.0
Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
We are aware of attacks attempting to exploit the vulnerability.
Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Microsoft is currently working to develop a security update for all affected software listed in the Overview section to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution. |
Stavolta l'ActiveX incriminato è l'Office Web Components (OWC) che viene installato con uno dei seguenti prodotti:
- Office XP
- Office 2003
- Office 2007 (il componente è opzionale)
- BizTalk
- ISA Server
- Office Accounting and Business Contact Manager
L'ActiveX in questione può anche essere scaricato e installato manualmente dal Microsoft Download Center.
Al momento, l'unica soluzione possibile è la disabilitazione del suddetto ActiveX. Clicca qui per scaricare il workaround.
Il consiglio, come sempre, è di utilizzare un browser alternativo a Internet Explorer. |
|