Threat Center Security News Microsoft Warns About Browser Components Vulnerability
Microsoft Warns About Browser Components Vulnerability Print E-mail
Written by Rebecca Mints   
Tuesday, 08 July 2008 06:42

The vulnerability refers to a flaw in an ActiveX control for Snapshot Viewer. It affects Microsoft Office Access 2000, 2002 and 2003 but not Office Access 2007. Once the vulnerability is found, it can used by attackers to gain access to the targeted system and all of the owner’s rights.

 

"Internet Explorer uses the ActiveX controls in order to connect to certain applications and view certain content. The attack cannot be completed on other browsers that do not use ActiveX. Also, the copies of Internet Explorer running the Enhanced Security Configuration, such as Windows Server 2003 and 2008 are also sheltered from the attacks." quoted by efluxmedia.com

 

All users should implement the manual steps from the Advisory, either configuring their Internet Explorer browser to disable the Active Scripting, changing their Internet security zone settings to ‘high’. Switching to another browser such as Opera or Firefox would also resolve the issue.

 

"While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA (Microsoft Security Response Alliance) partners to help protect customers," said Bill Sisk, security response communications manager for Microsoft, as quoted by Cnet.

 

Resources:
Cnet
Efluxmedia
Microsoft
 

WTW Threat Level