Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:B2E09FBBB71E145B9A84F21BF875B822
HistoryAug 27, 2009 - 12:00 a.m.

Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation

2009-08-2700:00:00
SAINT Corporation
www.saintcorporation.com
17

0.929 High

EPSS

Percentile

98.8%

JSON

Added: 08/27/2009
CVE: CVE-2009-0562
BID: 35990
OSVDB: 56914

Background

Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.

Problem

A heap memory corruption vulnerability in the **OWC10.DataSourceControl** ActiveX control allows command execution when a user opens a web page which loads and unloads this control.

Resolution

Apply the update referenced in Microsoft Security Bulletin 09-043.

References

<http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx&gt;

Limitations

Exploit works on Microsoft Office 2003 SP3 on Windows XP SP3 English with DEP enabled and requires a user to load the exploit page in Internet Explorer 6 or 7. After the published page is loaded in Internet Explorer, the target user must move the mouse in order to trigger the vulnerability. Note that this exploit is not 100% reliable due to the nature of heap memory corruption.

Platforms

Windows XP

Related

saint 3
cve 1
prion 1
securityvulns 3
zdi 1
openvas 2
mskb 1
nessus 1
checkpoint_advisories 2
saint
saint
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
2009-08-27 00:00:00
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
2009-08-27 00:00:00
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
2009-08-27 00:00:00
cve
cve
CVE-2009-0562
2009-08-12 17:30:00
prion
prion
Memory corruption
2009-08-12 17:30:00
securityvulns
securityvulns
ZDI-09-055: Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability
2009-08-12 00:00:00
Microsoft Security Bulletin MS09-043 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution &#40;957638&#41;
2009-08-11 00:00:00
Microsoft Office Web Components ActiveX memory corruption
2009-08-20 00:00:00
zdi
zdi
Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability
2009-08-11 00:00:00
openvas
openvas
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
mskb
mskb
MS09-043: Vulnerabilities in Microsoft Office Web Components could allow remote code execution
2018-04-17 19:02:46
nessus
nessus
MS09-043: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
2009-08-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
2009-07-13 00:00:00
Microsoft Office Web Components Multiple Buffer Overflows (MS08-017; CVE-2006-4695; CVE-2007-1201; CVE-2009-0562; CVE-2009-1136; CVE-2009-1534; CVE-2009-2493; CVE-2009-2496)
2008-03-11 00:00:00

0.929 High

EPSS

Percentile

98.8%

JSON
Related for SAINT:B2E09FBBB71E145B9A84F21BF875B822
saint3cve1prion1securityvulns3zdi1openvas2mskb1nessus1checkpoint_advisories2