Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C0F74DAF2B54B6A8B189AE35358DE447
HistoryAug 27, 2009 - 12:00 a.m.

Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation

2009-08-2700:00:00
SAINT Corporation
my.saintcorporation.com
24

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.853 High

EPSS

Percentile

98.5%

JSON

Added: 08/27/2009
CVE: CVE-2009-0562
BID: 35990
OSVDB: 56914

Background

Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.

Problem

A heap memory corruption vulnerability in the **OWC10.DataSourceControl** ActiveX control allows command execution when a user opens a web page which loads and unloads this control.

Resolution

Apply the update referenced in Microsoft Security Bulletin 09-043.

References

<http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx&gt;

Limitations

Exploit works on Microsoft Office 2003 SP3 on Windows XP SP3 English with DEP enabled and requires a user to load the exploit page in Internet Explorer 6 or 7. After the published page is loaded in Internet Explorer, the target user must move the mouse in order to trigger the vulnerability. Note that this exploit is not 100% reliable due to the nature of heap memory corruption.

Platforms

Windows XP

Related

saint 3
cve 1
securityvulns 3
zdi 1
prion 1
openvas 2
nessus 1
mskb 1
checkpoint_advisories 2
saint
saint
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
2009-08-27 00:00:00
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
2009-08-27 00:00:00
Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation
2009-08-27 00:00:00
cve
cve
CVE-2009-0562
2009-08-12 17:30:00
securityvulns
securityvulns
ZDI-09-055: Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability
2009-08-12 00:00:00
Microsoft Security Bulletin MS09-043 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution &#40;957638&#41;
2009-08-11 00:00:00
Microsoft Office Web Components ActiveX memory corruption
2009-08-20 00:00:00
zdi
zdi
Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability
2009-08-11 00:00:00
prion
prion
Memory corruption
2009-08-12 17:30:00
openvas
openvas
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
nessus
nessus
MS09-043: Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
2009-08-11 00:00:00
mskb
mskb
MS09-043: Vulnerabilities in Microsoft Office Web Components could allow remote code execution
2018-04-17 19:02:46
checkpoint_advisories
checkpoint_advisories
Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)
2009-07-13 00:00:00
Microsoft Office Web Components Multiple Buffer Overflows (MS08-017; CVE-2006-4695; CVE-2007-1201; CVE-2009-0562; CVE-2009-1136; CVE-2009-1534; CVE-2009-2493; CVE-2009-2496)
2008-03-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.853 High

EPSS

Percentile

98.5%

JSON
Related for SAINT:C0F74DAF2B54B6A8B189AE35358DE447
saint3cve1securityvulns3zdi1prion1openvas2nessus1mskb1checkpoint_advisories2