Microsoft warns of "active, targeted" ActiveX control attacks

Microsoft warns of "active, targeted" ActiveX control attacks

Summary: Microsoft has issued a pre-patch security advisory to warn about "active, targeted attacks" against an ActiveX control for the  Snapshot Viewer for Microsoft Access.The skinny:An attacker could exploit the vulnerability by constructing a specially crafted Web page.

SHARE:

Microsoft has issued a pre-patch security advisory to warn about "active, targeted attacks" against an ActiveX control for the  Snapshot Viewer for Microsoft Access.

The skinny:

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.

The advisory contains information on setting the killbit to avoid the attack.  More information in this US-CERT advisory.

Topics: Software, Collaboration, Microsoft, Security, Software Development

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • An activeX attack. WHAT a suprise...

    NT
    BitTwiddler
    • Windows only technolgy

      Why haven't others picked up on it? ;-)

      Reminds me of their patent for web technology controls without security.
      Richard Flude
      • yup

        Being able to format your drive through a website, that's really a Microsoft invention and might i dare say it, innovation? :) lol
        TedKraan
    • Almost as common as Quicktime exploits

      No surprise there either. Just folks like you hold MS to an imposable standard, while giving Apple every forgiveness.

      No surprise there either.
      mdemuth
  • ActiveX exists?

    Truly amazing. I'd have assumed that, after nearly 15 years of holding the title of "worst exploit ridden API ever designed," people might actually learn not to use it.
    cmdrrickhunter
    • Makes me wonder, ....

      ... keep using Active X, invest in AV company stock, write malware using Active X, make money. Is that why MS loves X?
      Mike Hunt
    • Is the users fault, of course

      and lazy developers that don't follow strict MS guidelines.

      PF
      theo_durcan
      • IIf you had read the story closer and understood it

        you wouldn't be here going off on a tangent blaming the
        user. The lazy developers you are referring to are Microsofts
        own. This ActiveX sploit is part of Microsoft Office.

        Please re-read this story.
        Intellihence
      • Sarcasm? <nt>

        [b][/b]
        zkiwi
  • This is a threat to big business from Microsoft

    Microsoft has the monopoly and this might even be extortion.
    BALTHOR
  • RE: Microsoft warns of

    Uh..they will fix it and move on...
    samp_z
  • RE: Microsoft warns of

    Much like government.......Nobody is responsible.
    Steves500
  • RE: Microsoft warns of

    Much like government.....nobody is responsible.
    Steves500
  • RE: Microsoft warns of

    ZZZZZZZZZz... Is it over yet
    TFW381