Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Microsoft / Patches and Vulnerabilities

Patches and Vulnerabilities

Microsoft Warns of New Attacks Targeting ActiveX

In Snapshot Viewer for Access

By Marius Oiaga, Technology News Editor

8th of July 2008, 09:42 GMT

Adjust text size:


Security
Enlarge picture
ActiveX controls are by now nothing short of traditional vectors of attack because of their intimate integration with Microsoft's software products. The latest illustrative examples in this context are the new attacks targeting a Critical vulnerability in the ActiveX control for Microsoft Access. The Redmond company
informed that victims could essentially hand over their machines by simply viewing specially crafter malicious web pages. The vulnerability allows for remote code execution and Microsoft revealed that exploits had already been detected in the wild.

Bill Sisk, Microsoft Security Response Center Communications Manager, referred to "active, targeted attacks using a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access. The Snapshot Viewer enables you to view a report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003".

The Office 2007 system is not affected by the vulnerability because Microsoft does not offer Access for the latest version of its productivity suite on Windows. According to the Redmond company, potential victims have to be first convinced to navigate to malicious websites which contain the exploit to the Access ActiveX vulnerability. The restrictions to standard privileges (UAC) of Windows Vista and Protect Mode in Internet Explorer 7 will act as additional mitigations which are able to reduce the risk of attacks.

The company has also published an advisory on the matter detailing several workarounds that can be implemented in order for the end users to protect themselves against exploits until a patch is delivered.

"We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers," Sisk added.

TAGS:

 ActiveX | Microsoft Office Access | vulnerability | exploit


Rating:
NOT RATED 0 vote(s) so far    

Read by 521 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Patches Available for IE7 on XP SP3 and Vista SP1

XP SP3 and Vista SP1 DirectX and Bluetooth Critical Holes Get Plugged

June 2008 Security Releases ISO Image for XP SP3 and Vista SP1

XP SP3 Wide Open to Attacks via Bluetooth Even After Critical Patch

The Ghost in Internet Explorer 8 Beta 1

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive