New Flaw in Microsoft Office Web Components Under Attack

From SearchSecurity (Robert Westervelt)
Microsoft issued an advisory Monday, warning of a new vulnerability in Office Web Components being actively targeted by attackers. The Office Web Components allow users to view spreadsheets, charts and databases on the Web. Microsoft said the vulnerability is in the Spreadsheet ActiveX Control, which is used by Internet Explorer (IE) to display the data in the browser. It is remotely exploitable when a person browses with IE and visits a malicious website. If successfully exploited, an attacker could gain the same user rights as the local user and gain complete control of a system, Microsoft said. Read the full story [SearchSecurity].

From SearchSecurity (Robert Westervelt)

Microsoft issued an advisory Monday, warning of a new vulnerability in Office Web Components being actively targeted by attackers. The Office Web Components allow users to view spreadsheets, charts and databases on the Web. Microsoft said the vulnerability is in the Spreadsheet ActiveX Control, which is used by Internet Explorer (IE) to display the data in the browser. It is remotely exploitable when a person browses with IE and visits a malicious website. If successfully exploited, an attacker could gain the same user rights as the local user and gain complete control of a system, Microsoft said. Read the full story [SearchSecurity].

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.