Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on July 13, 2009, 08:12:45 pm

Title: Office Web Components exploits in the wild
Post by: SysAdMini on July 13, 2009, 08:12:45 pm
http://www.sophos.com/blogs/sophoslabs//?p=5320

http://www.sophos.com/support/knowledgebase/article/61024.html

http://isc.sans.org/diary.html?storyid=6778

https://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx

http://safelab.spaces.live.com/blog/cns!A6B213403DBD59AF!1463.entry
Title: Re: Office Web Components exploits in the wild
Post by: MysteryFCM on July 14, 2009, 05:04:18 am
Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution


Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Customers may prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.

Fix It solution is available and applies to:
Microsoft Office Small Business Accounting 2006
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
Microsoft Office 2003 Service Pack 3
Microsoft Office 2003 Web Components
Microsoft Internet Security and Acceleration Server 2004 Standard Edition

Fix It solution is in http://support.microsoft.com/kb/973472
More info on this security advisory in http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx
http://www.microsoft.com/technet/security/advisory/973472.mspx


Special thanks to Donna and Corrine for the heads up.

Microsoft Security Advisory (973472) - FixIt solution is available
http://msmvps.com/blogs/donna/archive/2009/07/14/microsoft-security-advisory-973472-released-fixit-solution-is-available.aspx

Microsoft Security Advisory 973472 Released
http://securitygarden.blogspot.com/2009/07/microsoft-security-advisory-973472.html
Title: Re: Office Web Components exploits in the wild
Post by: Serg on July 14, 2009, 01:15:54 pm
Now we are detecting a lot of trojans for online games. Interesting that the first sample was found in March.
http://forums.techguy.org/malware-removal-hijackthis-logs/807123-hijiack-log-pc-china-acting.html
Title: Re: Office Web Components exploits in the wild
Post by: SysAdMini on July 14, 2009, 02:16:33 pm
Who is Exploiting the Office Web Components 0-day?
http://blog.fireeye.com/research/2009/07/who-is-exploiting-office-web-components-0day.html