Memory corruption

2009-08-1217:30:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.853 High

EPSS

Percentile

98.4%

JSON

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger “system state” corruption, aka “Office Web Components Memory Allocation Vulnerability.”

CPENameOperatorVersion
isa_servereq2006 sp1-standard
isa_servereq2004 sp3-enterprise
isa_servereq2004 sp3-standard
isa_servereq2006 sp1-enterprise
officeeqxp sp3
officeeq smallbusinessaccounting2006
officeeq2003 sp3
office_web_componentseq2000 sp3
office_web_componentseqxp sp3
office_web_componentseq2003 sp12007microsoftoffice

Name	Operator	Version
isa_server	eq	2006 sp1-standard
isa_server	eq	2004 sp3-enterprise
isa_server	eq	2004 sp3-standard
isa_server	eq	2006 sp1-enterprise
office	eq	xp sp3
office	eq	smallbusinessaccounting2006
office	eq	2003 sp3
office_web_components	eq	2000 sp3
office_web_components	eq	xp sp3
office_web_components	eq	2003 sp12007microsoftoffice