Microsoft investigates new Office zero-day flaw

By Bill Brenner, Senior News Writer 23 May 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Microsoft Corp. confirmed Wednesday that it is looking into reports of a new Office zero-day flaw attackers could exploit to cause a denial of service or run malicious code on targeted Windows machines.

Cupertino, Calif.-based antivirus giant Symantec Corp. released an email advisory on the flaw to customers of its DeepSight threat management system early Wednesday afternoon. A couple hours later, a Microsoft spokesperson confirmed the company is investigating the report. At issue is a buffer overflow flaw in Office 2000's UA ActiveX control. Because of the flaw, the application fails to properly check user-supplied data before copying it into a poorly-sized buffer, Symantec said.

"This issue occurs when an excessive amount of data is passed to the 'HelpPopup' method of the 'OUACTRL.OCX' ActiveX control," Symantec said. "Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions."

Symantec said the flaw was discovered by a researcher named Shinnai, who has posted exploit code. To successfully exploit the flaw, an attacker must trick an unsuspecting user into accessing a malicious Web page.

The Microsoft spokesperson said Microsoft is not aware of any attacks attempting to use the flaw, but that it will continue to investigate the issue.

"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include issuing a security advisory or providing a security update through our monthly release process, depending on customer needs," she added.

For now, Symantec recommends users mitigate the threat by disabling ActiveX scripting in Internet Explorer, or set the kill bit on CLSID:8936033C-4A50-11D1-98A4-00A0C90F27C6.

Tags: Securing Productivity Applications,  Security Patch Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Adobe fixes critical Shockwave Flash Player flaw Adobe issues first quarterly patch release fixing 13 flaws Adobe shifts to Microsoft patching process, incident response plan Balancing security and performance: Protecting layer 7 on the network Software Piracy pandemic needs government role, better vendor antipiracy plans McAfee to acquire Solidcore Systems for whitelisting Adobe issues Reader update fixing zero-day flaw Microsoft to patch critical PowerPoint zero-day flaw PCI DSS: Best practices for compliance Adobe working on patch to correct new zero-day flaw Security Patch Management Adobe fixes critical Shockwave Flash Player flaw Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates Adobe issues first quarterly patch release fixing 13 flaws Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Adobe shifts to Microsoft patching process, incident response plan Software delivery could fix software patching issues Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw Firefox update addresses several security flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary