Another MS Office 0-day released
Posted 15 June 2007 - 09:58 AM
14 June 2007 ~ ComputerWeekly - "...In an email alert to customers of its DeepSight threat management service, Symantec said researcher Yag Kohha discovered the flaw and released exploit code. Specifically, the flaw is in the MSODataSourceControl ActiveX control within Office. The ActiveX control is prone to a buffer-overflow condition because the application fails to bounds check user-supplied data before copying it into an irregularly-sized buffer... The new flaw report follows the recent trend where new vulnerabilities are disclosed immediately after Microsoft's monthly patch release... the Microsoft Security Response Center (MSRC), confirmed in an email Wednesday afternoon that Microsoft is investigating the new flaw report..."
.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...