Zero-day advisory for Microsoft Office Web Components ActiveX

We just released our QID 110101 which detects the Microsoft Office Web Components ActiveX zero-day vulnerability that Microsoft released today as KB973472. Similar to last weeks zero-day vulnerability Microsoft is providing a workaround using their Fixit program.

The main attack vector is again Internet Explorer, a user can be infected by browsing a website that hosts the exploit without further interaction with a so called "drive-by" exploit. There have been a number of sightings already, which have prompted Microsoft for this out-of-band release – for more information take a look at SANS.

QualysGuard will not raise the vulnerability if you have the described workaround applied which inhibits the OWC10 and OWC11 classids that are susceptible to the attack. We will be enhancing the detection as more information about workarounds and patches becomes available. Due to the timing we do not expect this vulnerability to be addressed tomorrow at Patch Tuesday.