13 July 2009
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2009.1011 Microsoft Office Web Components: Execute arbitrary code 14 July 2009 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office XP Web Components Service Pack 3 Microsoft Office Web Components 2003 Service Pack 3 Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1 Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3 Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3 Microsoft Internet Security and Acceleration Server 2006 Internet Security and Acceleration Server 2006 Supportability Update Microsoft Internet Security and Acceleration Server 2006 Service Pack 1 Microsoft Office Small Business Accounting 2006 Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Resolution: Mitigation CVE Names: CVE-2009-1136 Member content until: Thursday, August 13 2009 OVERVIEW A vulnerability in Microsoft Office Web Components, which could allow remote execution of arbitrary code, is currently being investigated. IMPACT An ActiveX control used by Internet Explorer to display Excel spreadsheets is vulnerable to a remote code execution attack, with privileges of the user running IE. Active exploitation of this vulnerability has been confirmed. [1, 2] MITIGATION Microsoft have provided a 'Fixit' workaround as well as instructions to manually disable the ActiveX control.  REFERENCES  Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/973472.mspx  Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution http://isc.sans.org/diary.html?storyid=6778&rss  Microsoft Security Advisory: Vulnerability in Microsoft Office Web Components control could allow remote code execution http://support.microsoft.com/kb/973472 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: email@example.com Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFKW9dkNVH5XJJInbgRAskxAJ94sP4DYO220YrInRloVonYp5rKqQCeJ2Zi Junw5sVvFNKd5CouMzFTLeI= =zz72 -----END PGP SIGNATURE-----