Two Office flaws found in Month of ActiveX bugs

Powered by SC Magazine
 

A hacker known as shinnai kicked off his "Month of ActiveX Bugs" (MoAxB) project with a bang by exposing a number of severe vulnerabilities affecting OCX controls in Microsoft Office.

Tracking firm Secunia rated the flaws as "highly critical," saying successful exploitation could permit malicious code execution.

The bugs residing in the PowerPoint Viewer, used to display presentations, are caused by boundary errors in the viewer’s ActiveX control that can lead to stack-based buffer overflows, according a Secunia advisory. The flaws are located in the program, PowerPointViewer.ocx, and affect version 3.1.0.3.

OCX is the former name for ActiveX controls.

The other flaws impact Excel Viewer and are similarly caused by boundary errors in the Excel Viewer ActiveX control, specifically ExcelViewer.ocx, Secunia said in a separate advisory. If taken advantage of, the same result can occur. They are confirmed in version 3.2.0.5.

shinnai said today on the moAxB blog that "this component allow(s) you to visualize, create and modify XLS files."

"Some methods are unable to handle exceptional conditions, and this cause(s) the crash of the application that use(s) this component."

The hacker said on Milw0rm today that the exploit has been tested on Windows XP Professional with Service Pack 2 and Internet Explorer 7 installed.

Users are encouraged to set the kill-bit for the affected ActiveX controls, according to Secunia. The kill-bit feature prevents ActiveX execution in a user’s web browser.

Microsoft said it is monitoring the MoAxB project, another effort by the hacking community to expose a month's worth of vulnerabilities in a variety of computer components and applications.

"As always, the Microsoft Security Response Center(MSRC) will stand ready to mobilise its teams to investigate, fix and learn from any vulnerabilities discovered through the project, and the company will take appropriate action to protect its customers, as needed," a company spokesman told SCMagazine.com.

He added that Microsoft prefers when researchers report flaws directly to the vendor to "ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed."


Two Office flaws found in Month of ActiveX bugs
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 343

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 143

Vote