ActiveX



The Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system, according to a warning from the networking vendor.

Microsoft has expended a massive amount of time, energy and money in the last few years to improve both the quality of its software and the speed and efficiency of its security response process. It has succeeded in large part on both counts, especially on the security and reliability of its products. But, as the company’s response to the privately disclosed MsVidCtl ActiveX vulnerability in Internet Explorer shows, Microsoft still has some ground to cover on the issue of timely response.

From SearchSecurity (Robert Westervelt)
Microsoft issued an advisory Monday, warning of a new vulnerability in Office Web Components being actively targeted by attackers. The Office Web Components allow users to view spreadsheets, charts and databases on the Web. Microsoft said the vulnerability is in the Spreadsheet ActiveX Control, which is used by Internet Explorer (IE) to display the data in the browser. It is remotely exploitable when a person browses with IE and visits a malicious website. If successfully exploited, an attacker could gain the same user rights as the local user and gain complete control of a system, Microsoft said. Read the full story [SearchSecurity].

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.