Microsoft Office Web Components ActiveX Vulnerability
 |
 |
 |
 |
 |
A remote code execution vulnerability has been reported in Microsoft Office Web Components ActiveX Controls. Successful exploitation could result in execution of arbitrary code on the affected system.
Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web.
The vulnerability is due to a memory corruption error in the Microsoft Office Web Components ActiveX controls that fails to correctly handle parameter values when they are used in Internet Explorer. A remote attacker could exploit this issue by convincing a user to visit a malicious Web page. Successful exploitation of this vulnerability could allow remote code execution on the affected system.
Check Point provides protection against attacks that use this vulnerability through its IPS solutions: the new IPS Software Blade, IPS-1, and SmartDefense. This protection detects and blocks the Office Web Components vulnerable ActiveX controls. See CPAI-2009-121.
Enterprise Endpoint computers are also protected by Check Point Endpoint Security’s Antivirus feature, which detects and removes the drive-by downloads known to be emanating from this attack as of this writing.
For consumer customers, ZoneAlarm Extreme Security and ZoneAlarm ForceField (both with browser virtualization enabled) will stop malicious sites from being able to silently download malicious programs onto the victim computer. Additionally, the antivirus protection in ZoneAlarm Antivirus, ZoneAlarm Security Suite and ZoneAlarm Extreme Security will detect and remove the drive-by downloads known to be emanating from this attack as of this writing. Customers should ensure they have the latest updates.