Microsoft Yanks Office Tools After Security Report

Microsoft has removed a collection of tools for its Office suite following an independent report that the tools may open security vulnerabilities.

According to a series of April 8 advisories from Israel"s GreyMagic Security, the latest versions of Microsoft"s Office Web Components (OWC) can enable malicious Web sites or e-mails to perform several attacks.

The attacks, which involve Microsoft"s Internet Explorer (IE) browser, include reading local files on the victim"s computer, running scripts even when scripting has been disabled, and accessing the contents of the system"s clipboard.

The page at Microsoft"s site for downloading OWC currently states, "This download is temporarily unavailable. Thank you for your patience."

According to a copy of the page available in the Google search engine"s cache, Office Web Components version 10 is automatically installed by Office XP Setup. OWC version 9 is installed by Office 2000.

Until a patch is available, GreyMagic said concerned Office users can protect themselves from OWC-related attacks by disabling ActiveX support in IE, or by uninstalling OWC.

According to Microsoft, Office Web Components is a collection of Component Object Model (COM) controls for publishing spreadsheets, charts and databases to the Web, and for viewing the published components in addition to Data Access Pages on the Web.

News source: Newsbytes

View: Office XP Tool: Web Components - Currently offline!

View: GreyMagic Internet Explorer Advisories

Report a problem with article
Next Article

The Road to Windows "Longhorn": Updated!

Previous Article

Long-Time File-Swappers Buy More Music, Not Less