Lucene search
SAINT CorporationSAINT:F2E6998CEAAEFC701657B0FC27101957HistoryAug 14, 2009 - 12:00 a.m.
Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow
2009-08-1400:00:00
SAINT Corporation
www.saintcorporation.com
65
0.946 High
EPSS
Percentile
99.2%
Added: 08/14/2009
CVE: CVE-2009-1534
BID: 35992
OSVDB: 56916
Background
Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.
Problem
A buffer overflow vulnerability in the **OWC.Spreadsheet.9** ActiveX control allows command execution when a user loads a web page which instantiates this control and assigns a long string value to the object’s HTMLURL parameter.
Resolution
Apply the update referenced in Microsoft Security Bulletin 09-043.
References
<http://www.microsoft.com/technet/security/bulletin/MS09-043.mspx>
Limitations
Exploit works on Microsoft Office XP SP3 on Windows XP SP3 English with DEP enabled and requires a user to load the exploit page in Internet Explorer 6 or 7.
Platforms
Windows XP
Related
prion
prion
Buffer overflow
2009-08-12 17:30:00
packetstorm
packetstorm
Microsoft OWC Spreadsheet HTMLURL Buffer Overflow
2010-03-03 00:00:00
saint
saint
Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow
2009-08-14 00:00:00
Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow
2009-08-14 00:00:00
Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow
2009-08-14 00:00:00
nvd
nvd
CVE-2009-1534
2009-08-12 17:30:00
cve
cve
CVE-2009-1534
2009-08-12 17:30:00
d2
d2
DSquare Exploit Pack: D2SEC_MS09_043
2009-08-12 17:30:00
securityvulns
securityvulns
cvelist
cvelist
CVE-2009-1534
2009-08-12 17:00:00
openvas
openvas
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
2009-07-18 00:00:00
nessus
nessus
mskb
mskb
checkpoint_advisories
checkpoint_advisories