Microsoft has released an advisory relating to a vulnerability in Microsoft Office Web Components. The vulnerability is in an ActiveX control that Internet Explorer uses to display Excel spreadsheets. This vulnerability allows attackers to gain control over a vulnerable Windows PC by having a user view a malicious web site with Internet Explorer.
PCs with the following software installed may be vulnerable:
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3 Microsoft Office XP Web Components Service Pack 3
- Microsoft Office 2003 Web Components Service Pack 3
- Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
- Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
- Microsoft Internet Security and Acceleration Server 2006
- Internet Security and Acceleration Server 2006 Supportability Update
- Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
- Microsoft Office Small Business Accounting 2006
Users browsing with a browser other than Internet Explorer are not affected.
Microsoft has posted instructions on how to check whether your PC is vulnerable and how to protect your system.
An attacker could trick users into viewing a malicious web page by sending a link via e-mail or Instant Messenger. Attackers could also compromise legitimate web sites and add malicious code to the page.
