ActiveX

Security Bulletin Webcast Video, Questions and Answers – July 2009

Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed …

Security Bulletin Webcast Video, Questions and Answers – July 2009 Read More »

Microsoft Security Advisory 973472 Released

Hi Everyone,   This is Dave Forstrom, group manager for our security response communications team.  We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain …

Microsoft Security Advisory 973472 Released Read More »

More information about the Office Web Components ActiveX vulnerability

We are aware of public attacks on the Internet exploiting a vulnerability in the Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11). Microsoft has released an advisory with further information available here. What’s the attacking vector? This vulnerability could be used for remote code execution in a “browse and get owned” scenario. User …

More information about the Office Web Components ActiveX vulnerability Read More »

Questions about Timing and Microsoft Security Advisory 972890

Hi everyone, Mike Reavey here.   You’ve probably seen in Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890.   We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the …

Questions about Timing and Microsoft Security Advisory 972890 Read More »

New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll

We are aware of active attacks exploiting a remote code execution vulnerability in Microsoft’s MPEG2TuneRequest ActiveX Control Object. We have released advisory 972890 providing guidance to help our customers stay protected. In this blog post, we’d like to go into more detail to help you understand this issue. What’s the attack vector? (i.e. How could …

New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll Read More »

June 2009 Bulletin Release

Summary of Microsoft’s monthly security bulletin release for June 2009. Today we released 10 new security bulletins. 6 of those affect Windows with two rated as critical, three rated as important and one as moderate. The remaining four all have an aggregate rating of critical and affect Internet Explorer, Microsoft Office Word, Microsoft Office Excel …

June 2009 Bulletin Release Read More »

Behavior of ActiveX controls embedded in Office documents

The Microsoft Office applications (Word, Excel, PowerPoint, etc) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization Office Web Components (OWC) ActiveX control to retrieve data from an intranet data source. Office applications’ prompting behavior By default, Office …

Behavior of ActiveX controls embedded in Office documents Read More »