MS09-043: Vulnerabilities in Microsoft Office Web Components could allow remote code execution

Resolves vulnerabilities in Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page.INTRODUCTIONMicrosoft has released security bulletin MS09-043. To view the complete security bulletin, visit one of the following Microsoft Web sites:Home...

Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)

$Id: ms09043owchtmlurl.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft OWC Spreadsheet HTMLURL Buffer Overflow

This module exploits a buffer overflow in Microsoft's Office Web Components. When passing an overly long string as the "HTMLURL" parameter an attacker can execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

Memory corruption

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration ISA Server 2004 SP3 and 2006 SP1, and Office...

CVE-2009-0562

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration ISA Server 2004 SP3 and 2006 SP1, and Office...

CVE-2009-1534

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office We...

Buffer overflow

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office We...

Heap overflow

Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration ISA Server 200...

CVE-2009-0562

CVE-2009-0562 describes a heap memory corruption in the Office Web Components ActiveX control (OWC10.DataSourceControl) used by Office XP/2003 Web Components and related components. The vulnerability could allow remote code execution when a user loads a malicious page that loads/unloads the contr...

CVE-2009-2496

Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration ISA Server 200...

CVE-2009-2496

CVE-2009-2496 : Heap-based/heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control of Microsoft Office Web Components. Exploitation requires a user to load a malicious web page and trigger a specific sequence of method calls, leading to remote code execution. Affected products incl...

CVE-2009-1534

CVE-2009-1534 : Buffer overflow in the Office Web Components ActiveX Control used by Microsoft Office Web Components across multiple products (Office XP/2000 Web Components SP3, BizTalk Server 2002, Visual Studio .NET 2003 SP1) enables remote code execution via crafted property values. The issue ...

CVE-2009-1534

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office We...

CVE-2009-1136

The Microsoft Office Web Components Spreadsheet ActiveX control aka OWC10 or OWC11, as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and...

VulnCheck KEV: CVE-2009-1136

The Microsoft Office Web Components Spreadsheet ActiveX control aka OWC10 or OWC11, as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and...

Microsoft Office Web Components Spreadsheet ActiveX control vulnerability

Overview The Microsoft Office Web Components Spreadsheet ActiveX controls OWC10 and OWC11 contain a vulnerability that may allow an attacker to take control of a vulnerable system. Description The Office Web Components Spreadsheet ActiveX control contains a code execution vulnerability. Public...

New Flaw in Microsoft Office Web Components Under Attack

From SearchSecurity Robert Westervelt Microsoft issued an advisory Monday, warning of a new vulnerability in Office Web Components being actively targeted by attackers. The Office Web Components allow users to view spreadsheets, charts and databases on the Web. Microsoft said the vulnerability is...

Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow

Added: 03/12/2008 CVE: CVE-2006-4695 BID: 28135 OSVDB: 42711 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...

CVE-2007-1201

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."...

CVE-2007-1201

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."...