Lucene search
SAINT CorporationSAINT:BB3E58B37F03278DF28685A2F01F5CAFHistoryMar 12, 2008 - 12:00 a.m.
Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow
2008-03-1200:00:00
SAINT Corporation
www.saintcorporation.com
17
EPSS
0.86
Percentile
98.6%
Added: 03/12/2008
CVE: CVE-2006-4695
BID: 28135
OSVDB: 42711
Background
Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.
Problem
A buffer overflow vulnerability in the **OWC.Spreadsheet.9** ActiveX control allows command execution when a user loads a web page which instantiates this control with a long, specially crafted URL in the **CSVData** field.
Resolution
Apply the update referenced in Microsoft Security Bulletin 08-017.
References
<http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx>
Limitations
Exploit works on Microsoft Office 2000 and XP and requires a user to load the exploit page in Internet Explorer.
Platforms
Windows
Related
checkpoint_advisories
checkpoint_advisories
cert
cert
d2
d2
DSquare Exploit Pack: D2SEC_MS08_017
2006-12-31 05:00:00
cvelist
cvelist
CVE-2006-4695
2008-03-11 23:00:00
saint
saint
Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow
2008-03-12 00:00:00
Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow
2008-03-12 00:00:00
Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow
2008-03-12 00:00:00
cve
cve
CVE-2006-4695
2008-03-11 23:00:00
nvd
nvd
CVE-2006-4695
2006-12-31 05:00:00
seebug
seebug
Microsoft Office Web组件ActiveX控件远程代码执行漏洞(MS08-017)
2008-03-14 00:00:00
nessus
nessus
securityvulns
securityvulns