Guninski finds new ActiveX security hole in OXP
Outlook strikes again...
Bug hunter extraordinary Georgi Guninski has posted a tetchy warning of a new security hole in Office XP. As Georgi says, "MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are."
In this case Office XP installs an ActiveX control called "Microsoft Outlook View Control." This exposes a property called "selection" which allows access to a user's email messages. It also, says Guninski, exposes the Outlook "Application" object, which could allow execution of arbitrary programs on the user's computer. This could allow an intruder to take full control of the user's computer.
Guninski says he alerted Microsoft to the problem on the 9th of July, and that he understands they're investigating it. In the meanwhile Office XP can visit his demo of the feature here, (it's quite cute) and then (says Georgi) uninstall Office XP and Windows. ®