Microsoft is warning Internet Explorer users of attacks that
attempt to exploit an ActiveX vulnerability affecting MS Office and
ISA Server.
This is the
second warning in just over a week of an ActiveX vulnerability
that could allow attackers to take control of users' PCs through
websites infected with malicious code.
The latest ActiveX hole is in Microsoft Office Web Components
ActiveX controls.
The security risk affects Office XP, Office 2003, ISA Server
2004 and 2006, and Office Small Business Accounting 2006.
Users can prevent Web Components from running in IE using a
manual workaround or Microsoft's automatic
Fix-it
tool.
Microsoft said it is working on a security update for all
affected software.
Microsoft security advisory >>.