Office Web Components exploits in the wild

Filed Under: Malware, SophosLabs, Vulnerability

Only a week after the serious vulnerability in the MPEG2TuneRequest ActiveX Control Object, Microsoft has released a security advisory documenting a remote execution vulnerability affecting Microsoft Office Web Components. It may allow an attacker to take control of the victim's machine by creating a malicious web page.

Sophos has received reports of several websites, mostly hosted in China, that serve the exploit as part of a web exploit kit that downloads and runs a Windows executable detected by Sophos products as Mal/Generic-A.

The newly announced vulnerability is serious, as there are no patches yet, but a workaround has been documented by Microsoft. SophosLabs is in the process of collecting all known samples and publishing detection for them as Exp/OWCRef-A.

As usual, we have written a SophosLabs analysis of the vulnerability, which includes the SophosLabs threat level: Critical, since the patch is not yet available. Since tomorrow is Microsoft Patch Tuesday, there will be more to report soon.


About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.