Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

2009-07-14T00:00:00
ID SAINT:7CE0BD618567381DE100050E67F3DB80
Type saint
Reporter SAINT Corporation
Modified 2009-07-14T00:00:00

Description

Added: 07/14/2009
CVE: CVE-2009-1136
BID: 35642
OSVDB: 55806

Background

Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.

Problem

A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the Evaluate method of the OWC.Spreadsheet ActiveX control.

Resolution

Set the kill bits on the {0002E541-0000-0000-C000-000000000046} and {0002E559-0000-0000-C000-000000000046} class IDs as described in Microsoft Knowledge Base Article 240797.
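
The resolution above as an added PowerShell example (not part of the SAINT advisory or Microsoft's own script): it reports whether the kill bit is set for both class IDs and sets it when run with the hypothetical `-Apply` switch. It assumes the standard kill-bit location from KB 240797 (the `Compatibility Flags` DWORD with bit 0x400 under the `ActiveX Compatibility` key) and an elevated session when writing.

```powershell
# Added example: audit (and with -Apply, set) the kill bit for the OWC Spreadsheet CLSIDs.
param([switch]$Apply)   # -Apply is this script's own switch; without it nothing is changed

$KillBit = 0x400        # Compatibility Flags bit that stops IE from instantiating the control
$Clsids = @(
    '{0002E541-0000-0000-C000-000000000046}',
    '{0002E559-0000-0000-C000-000000000046}'
)
# 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view, so check both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([string]$KeyPath)
    # Returns the current flags as an integer, or $null if the key or value is absent.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.'Compatibility Flags'
}

$results = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # e.g. no Wow6432Node on 32-bit Windows
    foreach ($clsid in $Clsids) {
        $key   = Join-Path $root $clsid
        $flags = Get-KillBitState $key
        $isSet = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        if (-not $isSet -and $Apply) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # Preserve any other compatibility flags already present on the key.
            $new = if ($null -ne $flags) { $flags -bor $KillBit } else { $KillBit }
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value $new -Force | Out-Null
            $flags = Get-KillBitState $key
            $isSet = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
        [pscustomobject]@{ Key = $key; Flags = $flags; KillBitSet = $isSet }
    }
}
$results | Format-Table -AutoSize
# Non-zero exit lets a compliance job flag hosts where a kill bit is still missing.
if ($results | Where-Object { -not $_.KillBitSet }) { exit 1 }
```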

References

<http://www.microsoft.com/technet/security/advisory/973472.mspx>

Limitations

The exploit works on Microsoft Office XP and 2003 SP3 and requires a user to open the exploit page in Internet Explorer 6 or 7.

The success of this exploit may depend on the state of the target's memory.

Platforms

Windows