Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
Microsoft is investigating a privately reported vulnerability in
Microsoft Office Web Components. An attacker who successfully exploited
this vulnerability could gain the same user rights as the local user.
When using Internet Explorer, code execution is remote and may not
require any user intervention.
More details at
Microsoft has released an advisory related to an Office Web Components ActiveX vulnerability; it is available here.
This vulnerability exists in the ActiveX control used by IE to display
The CVE entry for the vulnerability is CVE-2009-1136.
Microsoft mentions that they are aware of active exploits against this
vulnerability, although we at the SANS Internet Storm Center haven’t
seen it used or mentioned in public as of yet (this has changed; we are seeing active exploit pages).
This may tend to indicate it has been used in targeted rather than
broad-based attacks. At the moment there is no patch; there is a
workaround, and it can be automated for enterprise deployment.
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Web Components Service Pack 3
Microsoft Office 2003 Web Components Service Pack 3
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
Correction: a "Fix it for me" modification is available at http://support.microsoft.com/kb/973472