Just a day afterMicrosoft patched 15 flaws across its product
line, Symantec has warned of a new flaw with
exploit code for Microsoft Office.
It seesm that attackers could exploit it via
Internet Explorer (IE) to cause a denial of service or run
malicious code on targeted machines. Microsoft has confirmed that
it is investigating the reported flaw.
In an email alert to customers of its DeepSight threat
management service, Symantec said researcher
Yag Kohha discovered the flaw and released
exploit code. Specifically, the flaw is in the
MSODataSourceControl ActiveX control within Office. The ActiveX
control is prone to a buffer-overflow condition because the
application fails to bounds check user-supplied data before
copying it into an irregularly-sized buffer.
"This issue occurs when an excessive amount of data is passed to
the 'HelpPopup' method of the 'DeleteRecordSourceIfUnused()' method
of the MSODataSourceControl ActiveX control," Symantec said.
"Successfully exploiting this issue allows remote attackers to
execute arbitrary code in the context of the application using the
ActiveX control (typically Internet Explorer). Failed exploit
attempts likely result in denial-of-service conditions."
To exploit this issue, Symantec said, an attacker must trick the
user into accessing a malicious Web page. To prevent successful
exploits, Symantec recommended users disable Active Scripting in
Internet Explorer or set the kill bit on
CLSID:{0002E55B-0000-0000-C000-000000000046}.
The new flaw report follows the recent trend where new
vulnerabilities are disclosed immediately after Microsoft's monthly
patch release. Microsoft released six security bulletins to fix 15
flaws across its product line Tuesday, including Windows XP, Vista
and Internet Explorer 7. Attackers could exploit the most serious
flaws remotely to run malicious code on victims' machines.
Mark Griesi, security program manager for the
Microsoft Security Response Center (MSRC), confirmed in an
email Wednesday afternoon that Microsoft is investigating the new
flaw report.
"Microsoft is investigating new public claims of a possible
vulnerability in Microsoft Office," he said. "We're currently
unaware of any attacks trying to use the claimed vulnerability or
of customer impact. We will take steps to determine how customers
can protect themselves should we confirm the vulnerability."
Once the investigating is finished, he said, the company will
take appropriate action to protect customers. "This may include
providing a security update through the monthly release process, an
out-of-cycle update or additional guidance to help customers
protect themselves," he said.