Microsoft warns of “active, targeted” ActiveX control attacks

(osnn.net) -- Microsoft has issued a pre-patch security advisory warning about the Microsoft Office Snapshot Viewer ActiveX control. It contains a vulnerability which can allow a remote unauthenticated attacker to download arbitrary files to arbitrary locations.

Vulnerability Note VU#837785 @ US-CERT

This advisory has information on setting the killbit in order to avoid this attack.

See the Microsoft Security Advisory 955179 for more information.

See also Microsoft Support Document 240797 about how to set the kill bit.