Attackers have begun using the unpatched vulnerability in Microsoft s Office Web Components in SQL injection attacks. The vulnerability, which only became public this week, affects millions of users running a number of different versions of Windows, Office and Internet Explorer. The SANS Internet Storm Center said it is receiving reports of attacks exploiting the vulnerability and using obfuscated code. Microsoft has released an advisory on the issue, along with instructions on how to implement a workaround. The workaround does not fix the vulnerability, but it prevents the Office Web. Components from running in Internet Explorer, which helps prevent attacks against the flaw.
Source: https://threatpost.com/office-web-components-flaw-used-sql-injection-attacks-071609/72897/