Check Point Advisories

Office OCX Multiple ActiveX Controls OpenWebFile Arbitrary Program Execution

Check Point Reference: CPAI-2009-359
Date Published: 6 Dec 2009
Severity: Medium
Last Updated: Sunday 06 December, 2009
Source:
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description Office OCX provides multiple software products that parse various Microsoft Office documents. Some of these products include Word Viewer OCX, Excel Viewer OCX, PowerPoint Viewer OCX, and Office Viewer OCX. These products act as ActiveX document containers to create, open, edit, and print Word/Excel/PowerPoint documents. There exists an arbitrary program download and execution vulnerability in multiple Office OCX ActiveX controls. The vulnerability is due to insecure design of one of the methods in the controls that allows downloading and execution of arbitrary executables. Remote attackers could exploit this vulnerability by persuading a target user to visit a specially crafted web page. An attack targeting this vulnerability can result in download and execution of arbitrary executable program of attacker's choice. Any downloaded code will be executed within the security context of the currently logged in user.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Office OCX Multiple ActiveX Controls OpenWebFile Arbitrary Program Execution protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Office OCX multiple ActiveX controls OpenWebFile arbitrary program execution

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK