Microsoft Warns of ActiveX Exploit in Access

Tag : Printed Patch

Sisk said, via an e-mail, that the vulnerability affects theActiveX control for the Snapshot Viewer in Microsoft Office Access2000, Microsoft Office Access 2002 and Microsoft Office Access2003.
The Snapshot Viewer interface component comprises a compound filebinary format mechanism and is used by Access to store screen shotsof data reports into usable files. Those files can be printed fromthe program and/or transferred to Excel, PowerPoint and otherOffice applications.
The vulnerability lies in Active X , which is a component object model (COM) control used for dataobject transfer and processing within the Windows enterpriseenvironment. It allows for object creation and editing in any justabout computer programming language.
Microsoft has offered a workaround for this vulnerability via its enhanced security configuration mode, which is available by default in Internet Explorer programssitting on Windows Server 2003 and Windows Server 2008 operatingsystems. The enhanced security configuration mode sets the securitylevel for the Internet zone to "High." It helps manage risks fromWeb sites that users have not pegged as "trusted," as indicated inthe Internet Explorer trusted sites zone settings file.
"Although these workarounds will not correct the underlyingvulnerability, they help block known attack vectors," Sisk wrote.He added that "while the attack appears to be targeted, and notwidespread," Microsoft will continue to monitor the issue and workwith its Security Response Alliance partners to protect clients andcustomers. Jabulani Leffall is an award-winning journalist whose work hasappeared in the Financial Times of London, Investor's BusinessDaily, The Economist and CFO Magazine, among others. You cancontact Jabulani about Microsoft Warns of ActiveX Exploit in Accessat editor@entmag.com . SEND PRINT COMMENT