Added: 08/27/2009
CVE: CVE-2009-0562
BID: 35990
OSVDB: 56914
Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.
A heap memory corruption vulnerability in the **OWC10.DataSourceControl**
ActiveX control allows command execution when a user opens a web page which loads and unloads this control.
Apply the update referenced in Microsoft Security Bulletin 09-043.
<http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx>
Exploit works on Microsoft Office 2003 SP3 on Windows XP SP3 English with DEP enabled and requires a user to load the exploit page in Internet Explorer 6 or 7. After the published page is loaded in Internet Explorer, the target user must move the mouse in order to trigger the vulnerability. Note that this exploit is not 100% reliable due to the nature of heap memory corruption.
Windows XP