Office Web Components exploits in the wild

Only a week after the serious vulnerability in the MPEG2TuneRequest ActiveX Control Object, Microsoft has released a security advisory documenting a remote execution vulnerability affecting Microsoft Office Web Components that may allow an attacker to take control of the victim’s machine by creating a malicious web page.

Sophos has received reports of several websites, mostly hosted in China, that serve the exploit as part of a web exploit kit that downloads and runs a Windows executable detected by Sophos products as Mal/Generic-A.

The newly announced vulnerability is serious because there are no patches yet, although Microsoft has documented a workaround. SophosLabs is in the process of collecting all known samples and publishing detection for them as Exp/OWCRef-A.

As usual, we have written a SophosLabs analysis of the vulnerability, which includes the SophosLabs threat level: Critical, since the patch is not yet available. Since tomorrow is Microsoft's Patch Tuesday, there will be more to report soon.