Yet Another ActiveX/Internet Explorer Exploit Being Exploited

For those people who have to care about Windows systems SANS ISC has info on a scary new ActiveX remote exploit doing the rounds that allows an attacker to run code on a Windows box rendering HTML via Internet Exploder or (presumably) Outlook, etc if you have virtually any version of MS Office installed..

This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. The CVE entry for the vulnerability is CVE-2009-1136. Microsoft mentions that they are aware of active exploits against this vulnerability

There is no fix at present, though a workaround is available to disable those ActiveX controls. Attackers are actively targeting people with this too:

A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML. This one was particularly nasty, it was specifically crafted for the target – with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient. Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim’s domain/IP range would not reach with the server.

Remember Microsoft isn’t the answer, Microsoft is the question. “No” is the answer.

One thought on “Yet Another ActiveX/Internet Explorer Exploit Being Exploited

  1. Pingback: The Musings of Chris Samuel » Blog Archive » Firefox 3.5 0day Vulnerability

Comments are closed.