CVE-2009-0562

2009-08-1217:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-0562

microsoft

office web components

activex control

memory allocation

vulnerability

remote code execution

nvd

security advisory

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.821 High

EPSS

Percentile

98.4%

JSON

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger “system state” corruption, aka “Office Web Components Memory Allocation Vulnerability.”

CPENameOperatorVersion
microsoft:office_web_componentsmicrosoft office web componentseq2000
microsoft:office_web_componentsmicrosoft office web componentseqxp
microsoft:officemicrosoft officeeqxp
microsoft:isa_servermicrosoft isa servereq2006
microsoft:isa_servermicrosoft isa servereq2004
microsoft:office_web_componentsmicrosoft office web componentseq2003
microsoft:officemicrosoft officeeq-
microsoft:officemicrosoft officeeq2003

CPE	Name	Operator	Version
microsoft:office_web_components	microsoft office web components	eq	2000
microsoft:office_web_components	microsoft office web components	eq	xp
microsoft:office	microsoft office	eq	xp
microsoft:isa_server	microsoft isa server	eq	2006
microsoft:isa_server	microsoft isa server	eq	2004
microsoft:office_web_components	microsoft office web components	eq	2003
microsoft:office	microsoft office	eq	-
microsoft:office	microsoft office	eq	2003