Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:97121D7AECAC15B015C56C3055918415
HistoryJul 14, 2009 - 12:00 a.m.

Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

2009-07-1400:00:00
SAINT Corporation
www.saintcorporation.com
14

0.967 High

EPSS

Percentile

99.5%

JSON

Added: 07/14/2009
CVE: CVE-2009-1136
BID: 35642
OSVDB: 55806

Background

Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.

Problem

A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the Evaluate method of the OWC.Spreadsheet ActiveX control.

Resolution

Set the kill bits on the {0002E541-0000-0000-C000-000000000046} and {0002E559-0000-0000-C000-000000000046} class IDs as described in Microsoft Knowledge Base Article 240797.

References

<http://www.microsoft.com/technet/security/advisory/973472.mspx&gt;

Limitations

Exploit works on Microsoft Office XP and 2003 SP3 and requires a user to open the exploit page in Internet Explorer 6 or 7.

The success of this exploit may depend on the state of the target’s memory.

Platforms

Windows

Related

saint 3
cve 1
prion 1
zdi 1
securityvulns 4
d2 1
packetstorm 2
seebug 1
checkpoint_advisories 3
nessus 2
cert 1
openvas 2
mskb 1
saint
saint
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
2009-07-14 00:00:00
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
2009-07-14 00:00:00
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
2009-07-14 00:00:00
cve
cve
CVE-2009-1136
2009-07-15 15:30:00
prion
prion
Design/Logic Flaw
2009-07-15 15:30:00
zdi
zdi
Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability
2009-08-11 00:00:00
securityvulns
securityvulns
FortiGuard Advisory: Microsoft Office Web Components Remote Memory Corruption Vulnerability
2009-07-14 00:00:00
ZDI-09-054: Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject&#40;&#41; Heap Corruption Vulnerability
2009-08-12 00:00:00
Microsoft Office Web Components ActiveX memory corruption
2009-08-20 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_OWC
2009-07-15 15:30:00
packetstorm
packetstorm
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
2010-03-03 00:00:00
Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
2009-11-26 00:00:00
seebug
seebug
Microsoft Office Spreadsheet ActiveXζŽ§δ»Άε†…ε­˜η ΄εζΌζ΄ž
2009-07-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Office Web Components Arbitrary Code Execution (CVE-2009-1136)
2011-10-04 00:00:00
Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
2009-07-13 00:00:00
Microsoft Office Web Components Multiple Buffer Overflows (MS08-017; CVE-2006-4695; CVE-2007-1201; CVE-2009-0562; CVE-2009-1136; CVE-2009-1534; CVE-2009-2493; CVE-2009-2496)
2008-03-11 00:00:00
nessus
nessus
MS09-043: Vulnerabilities in Microsoft Office Web Components Control Could Allow Remote Code Execution (973472)
2009-07-14 00:00:00
MS09-043: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
2009-08-11 00:00:00
cert
cert
Microsoft Office Web Components Spreadsheet ActiveX control vulnerability
2009-07-15 00:00:00
openvas
openvas
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
mskb
mskb
MS09-043: Vulnerabilities in Microsoft Office Web Components could allow remote code execution
2018-04-17 19:02:46

0.967 High

EPSS

Percentile

99.5%

JSON
Related for SAINT:97121D7AECAC15B015C56C3055918415
saint3cve1prion1zdi1securityvulns4d21packetstorm2seebug1checkpoint_advisories3nessus2cert1openvas2mskb1