Microsoft Office Snapshot Vulnerability


I try to grab extremely critical vulnerabilities as they occur. Most of the other ones tend to be very anticlimactic. The latest one is a nasty little exploit using Office’s Snapshot Viewer.

In essence, this exploit allows a malicious user to download an arbitrary file to a location of their choosing on your machine. The download runs within the security context of the current user, which is a bad thing because most Windows users tend to make themselves administrators. The exploit can also be executed just by visiting a website. The vulnerability is in the Internet Explorer ActiveX plug-in provided by snapview.ocx, and you may have this plug-in even if you don’t have Office installed. Currently there is no solution to this issue other than disabling ActiveX.

Source: US-CERT 837785
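
Because the control can be present without Office, a quick inventory helps decide which machines need ActiveX restricted. The script below is an added example, not part of the original post or of any vendor guidance: it is read-only, finds every COM class whose in-process server is snapview.ocx, and reports whether Internet Explorer's per-control kill bit (the `Compatibility Flags` value 0x400, a standard IE mechanism the post does not mention) is already set for it.

```powershell
# Read-only audit: locate COM classes served by snapview.ocx and show their
# Internet Explorer kill-bit state. Checks both registry views on 64-bit Windows.
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating a control

$views = @(
    @{ Name   = 'native'
       Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Name   = 'wow64'
       Clsid  = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Compat = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$findings = foreach ($v in $views) {
    if (-not (Test-Path $v.Clsid)) { continue }        # view absent on 32-bit Windows
    foreach ($key in Get-ChildItem $v.Clsid -ErrorAction SilentlyContinue) {
        $sub = $key.OpenSubKey('InprocServer32')
        if ($null -eq $sub) { continue }
        $dll = [string]$sub.GetValue('')               # default value = server path
        $sub.Close()
        if ($dll -notmatch 'snapview\.ocx') { continue }

        # Kill bit lives under ActiveX Compatibility\{CLSID}
        $compatKey = Join-Path $v.Compat $key.PSChildName
        $flags = (Get-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        $killed = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)

        [pscustomobject]@{
            View       = $v.Name
            CLSID      = $key.PSChildName
            Server     = $dll
            FileExists = Test-Path -LiteralPath $dll.Trim('"')
            KillBitSet = $killed
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'snapview.ocx is not registered as an in-process COM server on this machine.'
}
```

Any row with `FileExists` true and `KillBitSet` false is a control Internet Explorer can still load.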
