Vulnerability in Microsoft Office Web Components ActiveX

Hi,
 
Although this vulnerability targets Microsoft Office Web Components, it can affect ISA Server as well. This component is not installed by default on any Windows version.
 
However, when you install ISA Server this component is installed too. At the ISAserver.org message boards, ISA admins always state that ISA Server should not be treated as a workstation or a common server, but as a firewall.
 
If you are one of those admins, then congratulations! This vulnerability will not affect you, because it is a "browse and get owned" scenario: it requires someone to browse a malicious page from the ISA Server itself.
 
 
To protect your system against this vulnerability, set the kill bit for the two class IDs by adding the following value in the registry:
1) Use Registry Editor to view the data value of the Compatibility Flags DWORD in the following two registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}
 
2) Change or add the Compatibility Flags DWORD value so that it is 0x00000400 (if the key or value does not exist yet, create it).
 
PS: {0002E559-0000-0000-C000-000000000046} = OWC11
    {0002E541-0000-0000-C000-000000000046} = OWC10
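The two steps above can be scripted so that the same change is applied consistently on every ISA Server and verified afterwards. The following PowerShell script is an added example and is not part of the original post; it assumes it is run from an elevated prompt and that the Compatibility Flags value may already contain other flags, so it ORs in the kill bit instead of overwriting the DWORD.

```powershell
# Added example (not from the original post): set the ActiveX kill bit for the
# two Office Web Components CLSIDs named above and report the resulting value.
# Assumes an elevated PowerShell session on the ISA Server.
$clsids = @{
    '{0002E541-0000-0000-C000-000000000046}' = 'OWC10'
    '{0002E559-0000-0000-C000-000000000046}' = 'OWC11'
}
$base    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KillBit = 0x400   # Compatibility Flags bit that blocks the control in Internet Explorer

foreach ($clsid in $clsids.Keys) {
    $key = Join-Path $base $clsid

    # The per-CLSID key does not exist until a kill bit has been set once,
    # so create it when it is missing.
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }

    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }

    # Keep any flags already present and add the kill bit.
    $new = $current -bor $KillBit
    if ($new -ne $current) {
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    }

    # Read the value back so the output doubles as a verification step.
    $check = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
    $state = if ($check -band $KillBit) { 'kill bit set' } else { 'kill bit NOT set' }
    '{0} {1}: Compatibility Flags = 0x{2:X8} ({3})' -f $clsids[$clsid], $clsid, $check, $state
}
```

Run it once, then run it again: the second run changes nothing and just prints the verification lines, which is a convenient way to audit a group of servers. On a 64-bit Windows host the 32-bit Internet Explorer reads the same key under HKLM:\SOFTWARE\Wow6432Node\..., so the same loop would have to be repeated against that base path there; the ISA Server releases the post is about run on 32-bit Windows, where the single path is enough.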
 
 
For more information, read these links:
 
 
You can also follow this thread about the issue: http://forums.isaserver.org/fb.aspx?m=2002089656
 
 
Regards,
Paulo Oliveira.
This entry was posted in ISA Server.

2 Responses to Vulnerability in Microsoft Office Web Components ActiveX

  1. Reza says:

    Thanks for your great information. I looked for the two registry entries, but I did not find them. Do I create them myself and give them the mentioned values? Thanks, Reza
