14 June 2007 ~ ComputerWeekly - "...In an email alert to customers of its DeepSight threat management service, Symantec said researcher Yag Kohha discovered the flaw and released exploit code. Specifically, the flaw is in the MSODataSourceControl ActiveX control within Office. The ActiveX control is prone to a buffer-overflow condition because the application fails to bounds check user-supplied data before copying it into an irregularly-sized buffer... The new flaw report follows the recent trend where new vulnerabilities are disclosed immediately after Microsoft's monthly patch release... the Microsoft Security Response Center (MSRC), confirmed in an email Wednesday afternoon that Microsoft is investigating the new flaw report..."
Another MS Office 0-day released
No replies to this topic