13 matches found
CVE-2012-0158
CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...
CVE-2012-1856
CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...
CVE-2009-0562
CVE-2009-0562 describes a heap memory corruption in the Office Web Components ActiveX control (OWC10.DataSourceControl) used by Office XP/2003 Web Components and related components. The vulnerability could allow remote code execution when a user loads a malicious page that loads/unloads the contr...
CVE-2009-1136
CVE-2009-1136 affects the Microsoft Office Web Components Spreadsheet ActiveX control (OWC10/OWC11) bundled with Office XP SP3, Office 2003 SP3, and related Web Components/ISA configurations. A crafted call to msDataSourceObject in Internet Explorer allows remote code execution; this vulnerabilit...
CVE-2009-2496
CVE-2009-2496 : Heap-based/heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control of Microsoft Office Web Components. Exploitation requires a user to load a malicious web page and trigger a specific sequence of method calls, leading to remote code execution. Affected products incl...
CVE-2009-1534
CVE-2009-1534 : Buffer overflow in the Office Web Components ActiveX Control used by Microsoft Office Web Components across multiple products (Office XP/2000 Web Components SP3, BizTalk Server 2002, Visual Studio .NET 2003 SP1) enables remote code execution via crafted property values. The issue ...
CVE-2006-4695
CVE-2006-4695 is a remote-code-execution vulnerability in Microsoft Office Web Components 2000 (OWC) due to a buffer/stack overflow when parsing specially crafted URLs in the OWC.Spreadsheet.9 ActiveX control. Exploitation could occur when a user views a malicious page, potentially giving the att...
CVE-2002-0727
The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...
CVE-2002-1340
The vulnerability CVE-2002-1340 affects Office Web Components (OWC) DataSourceControl’s property in OWC 10. An attacker can remotely determine the existence of local files by triggering an exception, revealing information about local file presence. The available documents do not specify affected...
CVE-2002-0860
The CVE-2002-0860 vulnerability affects Microsoft Office Web Components (OWC) 2000 and 2002, where the LoadText method in the spreadsheet component allows a remote attacker using an Internet Explorer URL redirect to read arbitrary local files. Underlying issue: inadequate URL handling in the OWC ...
CVE-2002-0861
CVE-2002-0861 affects Microsoft Office Web Components (OWC) 2000 and 2002. The vulnerability arises from a bypass of the setting “Allow paste operations via script,” allowing a remote attacker to paste via script despite the setting being disabled. The issue is triggered through the (1) Copy meth...
CVE-2002-1339
CVE-2002-1339 affects the Spreadsheet component of Office Web Components (OWC) 10. The XMLURL property follows redirections, enabling remote attackers to infer the existence of local files from error responses or to read Worksheet XML files. The provided sources confirm the vulnerability descript...
CVE-2002-1338
CVE-2002-1338 affects the Chart component in Office Web Components (OWC) 9 and 10. The Load method throws an exception when a referenced file does not exist, which can be leveraged by an attacker to determine the existence of local files on the target system. The issue is described in multiple so...