Microsoft Office OCX ActiveX controls OpenWebFile program execution

2009-01-30T00:00:00
ID SAINT:C334FFB1150A3AB54E6F9DED3772EC7C
Type saint
Reporter SAINT Corporation
Modified 2009-01-30T00:00:00

Description

Added: 01/30/2009
BID: 33243

Background

Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files.

Problem

A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the **OpenWebFile** method.

Resolution

Apply an update when available.

References

<http://www.securityfocus.com/bid/33243>

Limitations

Exploit works on Office Viewer OCX 3.2 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows