Vulnerability in Microsoft Office Web Components Control Allows Remote Code Execution

http://isc.sans.org/diary.html?storyid=6778
http://www.microsoft.com/technet/security/advisory/973472.mspx

This vulnerability in Microsoft Office Web Components can lead to remote
code execution through IE.

Affected Products
* Microsoft Office XP Service Pack 3;
* Microsoft Office 2003 Service Pack 3;
* Microsoft Office XP Web Components Service Pack 3;
* Microsoft Office Web Components 2003 Service Pack 3;
* Microsoft Office 2003 Web Components for the 2007 Microsoft
Office system Service Pack 1;
* Microsoft Internet Security and Acceleration Server 2004 Standard
Edition Service Pack 3;
* Microsoft Internet Security and Acceleration Server 2004
Enterprise Edition Service Pack 3;
* Microsoft Internet Security and Acceleration Server 2006;
* Internet Security and Acceleration Server 2006 Supportability Update;
* Microsoft Internet Security and Acceleration Server 2006 Service
Pack 1; and
* Microsoft Office Small Business Accounting 2006.

There is currently no patch to fix this. There are reports of a 0-day
exploit using this vulnerability actively compromising machines on the
Internet. We do not currently know of any IAS infections.

There is a workaround that can be implemented to mitigate this
vulnerability.

By setting the kill bit on the following CLSIDs, you can prevent the Web
Components library from running in IE.

{0002E541-0000-0000-C000-000000000046}
{0002E559-0000-0000-C000-000000000046}

More information can be found at the above links.