
Internet Explorer: Exploit of the Week

Monday, July 13, 2009 at 01:07 PM EDT

Microsoft has issued a new security advisory for Internet Explorer. It relates to a Microsoft Office Web component, the ActiveX control that is used to display Excel spreadsheets retrieved from a Web site. This is a serious vulnerability, since it potentially would allow execution of an arbitrary program if a user simply visits a compromised Web site.

According to the advisory, there is no fix available at present for this vulnerability. There is, however, a work-around which disables the vulnerable software control. This is done by setting the “kill bit” for the relevant ActiveX controls in the Windows Registry. As I have noted before, this is not for the faint of heart. Instructions for implementing the fix are in the “Suggested Actions / Workarounds” section of the advisory. The ClassIDs of the ActiveX controls are:

{0002E541-0000-0000-C000-000000000046}
{0002E559-0000-0000-C000-000000000046}
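
For readers who script the registry change, here is an added example (not taken from the advisory or the Knowledge Base article) that sets the kill bit for both ClassIDs and reads the value back to confirm it. It assumes the standard kill-bit location, a "Compatibility Flags" DWORD with bit 0x400 set under the "ActiveX Compatibility" key, and must be run from an elevated prompt; the function name Set-KillBit is made up for this example.

```powershell
# Added example: set and verify the IE kill bit for the two ClassIDs listed above.
# Run from an elevated PowerShell prompt.
$ClassIds = @(
    '{0002E541-0000-0000-C000-000000000046}',
    '{0002E559-0000-0000-C000-000000000046}'
)
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE instantiating the control

# Native registry view, plus the 32-bit view present on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Set-KillBit is a hypothetical helper name used only in this example.
function Set-KillBit {
    param([string]$Root, [string]$ClassId)

    $key = Join-Path $Root $ClassId
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    # Keep any flags already set for this control and OR in the kill bit.
    $prop = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    $before = if ($prop) { $prop.'Compatibility Flags' } else { 0 }
    $after = $before -bor $KillBit

    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord -Value $after -Force | Out-Null

    # Read the value back so the report reflects what is actually in the registry.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    [pscustomobject]@{
        Key     = $key
        Before  = '0x{0:X8}' -f $before
        After   = '0x{0:X8}' -f $check
        Blocked = [bool]($check -band $KillBit)
    }
}

$report = foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
    foreach ($id in $ClassIds) { Set-KillBit -Root $root -ClassId $id }
}
$report | Format-Table -AutoSize
```

Every row of the report should show Blocked as True; Internet Explorer needs to be restarted before the change takes effect.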

Alternatively, you can look at the associated Knowledge Base article. In the “Fix It for Me” section, you will find a link to download a small Microsoft Installer (.msi) file that will set the appropriate kill bits.

According to Microsoft, implementing the workaround should not affect applications, other than to disable the facility for viewing Excel spreadsheets for the Web. Since there is apparently an exploit for this vulnerability “in the wild”, I recommend implementing the work-around as soon as you can.

The SANS Institute also has an article on this vulnerability.