Check Point Reference: | CPAI-2009-359 |
Date Published: | 6 Dec 2009 |
Severity: | Medium |
Last Updated: | Sunday 06 December, 2009 |
Source: | |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | |
Vulnerability Description | Office OCX provides multiple software products that parse various Microsoft Office documents. Some of these products include Word Viewer OCX, Excel Viewer OCX, PowerPoint Viewer OCX, and Office Viewer OCX. These products act as ActiveX document containers to create, open, edit, and print Word/Excel/PowerPoint documents. There exists an arbitrary program download and execution vulnerability in multiple Office OCX ActiveX controls. The vulnerability is due to insecure design of one of the methods in the controls that allows downloading and execution of arbitrary executables. Remote attackers could exploit this vulnerability by persuading a target user to visit a specially crafted web page. An attack targeting this vulnerability can result in download and execution of arbitrary executable program of attacker's choice. Any downloaded code will be executed within the security context of the currently logged in user. |
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Web Client Enforcement Violation.
Attack Information: Office OCX multiple ActiveX controls OpenWebFile arbitrary program execution