Microsoft yesterday warned of a new attack underway against a flaw in the ActiveX control for the Snapshot Viewer for Microsoft Access, used by IE. There is not yet any patch available for the zero-day security hole, and the attacks likely focus on business targets.

In its security advisory, Redmond says the vulnerable control installs with "all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer." A poisoned Web page that exploits the hole could surreptitiously download malware to a victim PC.

"Active, targeted attacks" are underway on a relatively small scale, according to the advisory. Targeted attacks typically involve more.......


More: http://www.pcworld.com/businesscenter/blogs/larkin_on_the_web/148076/watch_out_for_an_ie_zeroday_attack.html