Microsoft Issues Another ActiveX Bug Warning

REDMOND, Wash.—Microsoft has warned of yet another unpatched vulnerability in its ActiveX component, this time in the Microsoft Office Suite, related to Internet Explorer.

In a security advisory, the computer firm said it is investigating a privately reported vulnerability in Microsoft Office Web Components.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention," the posting said.

The Register explained that the flawed component is used by IE to display Excel spreadsheets, and opens up a system to malware and hijacking, especially Windows XP and the older Windows 2003. Security controls in Vista are said to address such a flaw.

As with other recently reported security holes in Microsoft software, a user could be tricked into visiting malicious websites.

Microsoft is working on a patch for the problem, but it's not expected until sometime in August.

Meanwhile, McAfee warned that most of the Trojan attacks appear to have come out of China.

Currently a workaround solution is suggested, by preventing the component from running in IE through manual adjustments, found in this Microsoft Knowledge Base Article.

Microsoft also has had trouble with its DirectX Control.

Some security sites such as SANS Institute's Internet Storm Centre and F-Secure have suggested using alternative browsers altogether, such as Firefox, Google's Chrome or Apple Safari for Windows.