Possible new breed of mass-spreading worms? New vulnerabilities found in MS products.

Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability

The specific vulnerability exists in the OWC10.Spreadsheet.10 ActiveX control installed by Microsoft Office. By accessing specific methods in a certain order heap corruption occurs leading to remote code execution. If exploited, complete control of the affected system can be achieved under the rights of the currently logged in user.

[http://www.securityfocus.com/archive/1/505679]

This newly discovered (and patched) vulnerability in Microsoft Office Web Components looks like a perfect candidate for a mass-spreading worm. The affected products are:

  • Office XP, Office XP Web Components, and Office 2000 Web Components (all editions)
  • Office 2003, Office 2003 Web Components, and Office 2003 Web Components for the 2007 Microsoft Office system (all editions)
  • Internet Security and Acceleration Server 2004 and Internet Security and Acceleration Server 2006 (all editions)
  • Microsoft BizTalk Server (all editions)
  • Visual Studio .NET 2003 (all editions)
  • Microsoft Office Small Business Accounting 2006 (all editions)

This is seriously critical, especially for those running ISA Server. Get patched, get secure.
Since the attack runs with the permissions of the logged-on user, it is possible that UAC will block privileged tasks attempted by a remote exploit.
Patch immediately or stand a chance of becoming part of the statistics (hopefully not).
http://www.microsoft.com/technet/security/bulletin/MS09-043.mspx
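
An inventory check for the control named in the advisory, added here as an example and not part of the original post or of Microsoft's bulletin. It resolves the ProgID `OWC10.Spreadsheet.10` to its CLSID on the local host, reports the registered DLL and its file version for comparison against the bulletin, and shows whether Internet Explorer's kill bit is set for the control. The function names are this example's own, and it assumes a machine-wide (HKLM) registration.

```powershell
# Added example: is the control from the advisory registered on this host?
# The ProgID comes from the advisory text; the CLSID is read from the registry.
$ProgId  = 'OWC10.Spreadsheet.10'
$KillBit = 0x400   # IE "Compatibility Flags" bit that blocks loading a control

function Get-DefaultValue([string]$Path) {
    # Returns the (Default) value of a registry key, or $null if the key is absent.
    if (Test-Path -LiteralPath $Path) {
        return (Get-Item -LiteralPath $Path).GetValue('')
    }
    return $null
}

function Get-OwcControlStatus([string]$ProgId) {
    $clsid = Get-DefaultValue "HKLM:\SOFTWARE\Classes\$ProgId\CLSID"
    if (-not $clsid) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }
    # Check the native view and the 32-bit-on-64-bit (Wow6432Node) view.
    $views = @(
        @{ Name = 'native'; Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
           IE = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
        @{ Name = 'wow64'; Classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
           IE = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
    )
    foreach ($v in $views) {
        $dll = Get-DefaultValue "$($v.Classes)\$clsid\InprocServer32"
        if (-not $dll) { continue }
        $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
        $version = $null
        if (Test-Path -LiteralPath $dll) {
            $version = (Get-Item -LiteralPath $dll).VersionInfo.FileVersion
        }
        $flags = 0
        $ieKey = "$($v.IE)\$clsid"
        if (Test-Path -LiteralPath $ieKey) {
            # A missing value reads as $null, which casts to 0 (no kill bit).
            $flags = [int](Get-ItemProperty -LiteralPath $ieKey).'Compatibility Flags'
        }
        [pscustomobject]@{
            ProgId = $ProgId; Registered = $true; View = $v.Name; Clsid = $clsid
            Dll = $dll; FileVersion = $version
            KillBitSet = [bool]($flags -band $KillBit)
        }
    }
}

Get-OwcControlStatus $ProgId | Format-List
```

A host that reports `Registered = True` with `KillBitSet = False` should have its `FileVersion` compared against the file information in the bulletin linked above.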