Hola!,Parece que MS ha publicado un nuevo advisory sobre una vulnerabilidad en Web Components instalado por varias versiones de Office (XP, 2003, 2007). Aparentemente es un ActiveX cuyo CLSID es {0002E541-0000-0000-C000-000000000046}.
Aqui la lista de software afectado:
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Web Components Service Pack 3
Microsoft Office 2003 Web Components Service Pack 3
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2006
Internet Security and Acceleration Server 2006 Supportability Update
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
Microsoft Office Small Business Accounting 2006
Aqui esta el advisory de Microsoft:
http://www.microsoft.com/technet/security/advisory/973472.mspx
Algunos links de interes mas:
http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx
http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx
PoCs:
http://downloads.securityfocus.com/vulnerabilities/exploits/35642.html
http://downloads.securityfocus.com/vulnerabilities/exploits/35642.rb
A patchear sus sistemas!.
No hay comentarios:
Publicar un comentario