An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
This vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. Microsoft mentions that they are aware of active exploits against this vulnerability and at the moment there is no patch, just a a workaround. Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft advisory…

The company behind Lollapalooza, c3 Presents, has decided to make Lollapalooza a bit more social before the event by implementing Facebook Connect. While I typically don’t cover every new implementation of Facebook Connect, this most recent one was interesting because of the impressive statistics provided by the company. According to c3 Presents, pageviews are up 99 percent, page views per visit are up 34 percent, and the average time on the site is up 20 percent.
This is a pretty standard result of implementing Facebook Connect on any site. Users are relatively quick to log in with their Facebook account,…

[ Read the rest of the story in the original article... ]