Microsoft Office Snapshot Vulnerability

By admin | Jul 8, 2008
If you are new here, you may want to subscribe to our feed.

I try to grab extremely critical vulnerabilities as they occur.  Most of the other ones tend to be very anti climactic.  The latest one is a nasty little exploit using Office’s snapshot viewer.

In essence, this exploit allows a malicious user to download an arbitrary file to a location of their choosing on your machine.  This is done within the security context of the current user.  Obviously, this is a bad thing because most Win users tend to make themselves administrators.  And, this exploit can be executed just by visiting a website.  The Internet Explorer activeX plug-in, provided by snapview.ocx, contains this vulnerability.  You may have this plug-in even if you don’t have office installed.  Currently there is no solution to this issue other than disabling ActiveX.

Source: US-Cert 837785

No TweetBacks yet. (Be the first to Tweet this post)



Related Posts:

Microsoft Word Unspecified Vulnerability
I love that title. Talk about vague. It seems things are hush hush. But the gist of...

Excel Remote Code Execution Zero Day
A zero day vulnerability is like a candy shop for hackers.  It allows them a proven vulnerability with no remedy. ...

Microsoft Excel Repair Mode Vulnerability
And yet again, Secunia has issued an extremely critical security warning. This time it involves a memory corruption issue...

Microsoft Word Memory Vulnerability
Well, sometimes it seems that yours truly and super collegiate wonder boy (ie, billy) are joined at the medulla oblongata. ...

Zero Day Word Code Execution Vulnerability
Secunia is reporting a zero day remote exploit within Microsoft Word. They seemed to have uncovered the exploit while...

Leave a Comment

If you would like to make a comment, please fill out the form below.

Name (required)

Email (required)

Website

Comments

Get Adobe Flash playerPlugin by wpburn.com wordpress themes
© 2009 PaulTech Network