Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.
A buffer overflow vulnerability in the
**OWC.Spreadsheet.9** ActiveX control allows command execution when a user loads a web page which instantiates this control with a long, specially crafted URL in the
Apply the update referenced in Microsoft Security Bulletin 08-017.
Exploit works on Microsoft Office 2000 and XP and requires a user to load the exploit page in Internet Explorer.