ActiveX flaw project hits Microsoft Office 2000

This month's ActiveX flaw project has uncovered a potentially dangerous code execution hole in an ActiveX module in Microsoft Office 2000.
Written by Ryan Naraine, Contributor

The vulnerability (details here) is described as a buffer overflow in the "HelpPopup" function of the OUACTRL.OCX v. 1.0.1.9 module when processing an overly long value.

"Shinnai," the hacker behind the Month of ActiveX Bugs, has posted an online demonstration of the vulnerability. Exploit code has been released to Milw0rm.com.

There's a history of security issues with this ActiveX control, which is marked as safe for scripting and can be launched via Internet Explorer.

Redmond is investigating this newest issue, according to a note from a spokesman for the MSRC (Microsoft Security Response Center):

I can tell you that Microsoft is investigating new public claims of a possible vulnerability in Microsoft Office 2000 UA ActiveX Vulnerability. The company is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. Microsoft will continue to investigate the public claims to help provide additional guidance for customers as necessary.

Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs.
