On Monday, Microsoft issued a Security Advisory about a previously undisclosed vulnerability in Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11).
The vulnerability exists specifically in the Spreadsheet ActiveX Control and could allow an attacker who successfully exploited this vulnerability the same user rights as the local user.
U.K.-based Sophos echoed that with some specifics today, saying that it has found several sites, “mostly hosted in China that serve the exploit as a part of a Web exploit kit.”
Microsoft has created an automated tool called “Fix it” that can be downloaded from Microsoft’s support site.
Here is an artist’s rendering of what is happening.
No Comments