10 Mar Microsoft Fixes Recent Vulnerabilities for Microsoft Office
Microsoft have released a set of three bulletins which are aimed at fixing four vulnerabilities in their Windows and Microsoft Office software. One of the issues is rated at a critical level for users of Windows XP, Vista and Windows 7.
The bulletin MS11-015 resolves one critical vulnerability in DirectShow and one in Windows Media Player and Media Center. The more severe versions of the flaws could have allowed for remote code execution, which could in turn provide hackers with complete control over a computer.
"Microsoft normally rates this type of file format vulnerabilities as only 'important' because user interaction is required." said Wolfgang Kandek, chief technology officer of Qualys. "However this particular flaw has a component that allows for an attack through a browser link and allows its exploitation in automated 'drive-by' fashion" just through a user visiting a malicious website.
The other two security bulletins related to preloading issues with the Dynamic Link Library (DLL) and were rated as important.
According to Cnet;
"MS11-016 affects Microsoft Groove 2007 Service Pack 2 used in Office. The vulnerability could allow remote code execution if a user opened a legitimate Groove-related file that is located in the same network directory as a malicious library file.
"Meanwhile, MS11-017 affects Windows Remote Client Desktop.
The vulnerability could allow remote code execution if a user opened a legitimate Remote Desktop configuration file located in the same network folder as a malicious library file."