Lucene search
K
MicrosoftOffice Web Components

13 matches found

CVE
CVE
added 2012/04/10 9:0 p.m.1730 views

CVE-2012-0158

CVE-2012-0158 is a Microsoft/MSCOMCTL.OCX (MS Office) vulnerability that enables remote code execution via a crafted file or document. The initial entry lists vulnerable controls in MSCOMCTL.OCX and notes exploitation in the wild around April 2012 (aka “MSCOMCTL.OCX RCE Vulnerability”). Connected...

9.3CVSS7.8AI score0.99966EPSS
In wild
CVE
CVE
added 2012/08/15 1:0 a.m.1270 views

CVE-2012-1856

CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...

9.3CVSS7.9AI score0.72119EPSS
In wild
CVE
CVE
added 2009/08/12 5:0 p.m.127 views

CVE-2009-0562

CVE-2009-0562 describes a heap memory corruption in the Office Web Components ActiveX control (OWC10.DataSourceControl) used by Office XP/2003 Web Components and related components. The vulnerability could allow remote code execution when a user loads a malicious page that loads/unloads the contr...

9.3CVSS7.5AI score0.2565EPSS
CVE
CVE
added 2009/07/15 3:0 p.m.124 views

CVE-2009-1136

CVE-2009-1136 affects the Microsoft Office Web Components Spreadsheet ActiveX control (OWC10/OWC11) bundled with Office XP SP3, Office 2003 SP3, and related Web Components/ISA configurations. A crafted call to msDataSourceObject in Internet Explorer allows remote code execution; this vulnerabilit...

9.3CVSS7.2AI score0.6202EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.108 views

CVE-2009-2496

CVE-2009-2496 : Heap-based/heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control of Microsoft Office Web Components. Exploitation requires a user to load a malicious web page and trigger a specific sequence of method calls, leading to remote code execution. Affected products incl...

9.3CVSS8AI score0.29462EPSS
CVE
CVE
added 2009/08/12 5:0 p.m.99 views

CVE-2009-1534

CVE-2009-1534 : Buffer overflow in the Office Web Components ActiveX Control used by Microsoft Office Web Components across multiple products (Office XP/2000 Web Components SP3, BizTalk Server 2002, Visual Studio .NET 2003 SP1) enables remote code execution via crafted property values. The issue ...

9.3CVSS7.8AI score0.5161EPSS
Web
CVE
CVE
added 2008/03/11 11:0 p.m.65 views

CVE-2006-4695

CVE-2006-4695 is a remote-code-execution vulnerability in Microsoft Office Web Components 2000 (OWC) due to a buffer/stack overflow when parsing specially crafted URLs in the OWC.Spreadsheet.9 ActiveX control. Exploitation could occur when a user views a malicious page, potentially giving the att...

9.3CVSS7.1AI score0.4014EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.47 views

CVE-2002-0727

The CVE-2002-0727 entry concerns Microsoft Office Web Components (OWC) 2000 and 2002. The Host function is exposed in components marked as safe for scripting, enabling a remote attacker to execute arbitrary commands through the setTimeout method. This defines the vulnerable component/function and...

7.5CVSS8AI score0.18846EPSS
CVE
CVE
added 2002/12/11 5:0 a.m.47 views

CVE-2002-1340

The vulnerability CVE-2002-1340 affects Office Web Components (OWC) DataSourceControl’s property in OWC 10. An attacker can remotely determine the existence of local files by triggering an exception, revealing information about local file presence. The available documents do not specify affected...

5CVSS6.9AI score0.11968EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.46 views

CVE-2002-0860

The CVE-2002-0860 vulnerability affects Microsoft Office Web Components (OWC) 2000 and 2002, where the LoadText method in the spreadsheet component allows a remote attacker using an Internet Explorer URL redirect to read arbitrary local files. Underlying issue: inadequate URL handling in the OWC ...

5CVSS6.6AI score0.18766EPSS
CVE
CVE
added 2002/08/23 4:0 a.m.45 views

CVE-2002-0861

CVE-2002-0861 affects Microsoft Office Web Components (OWC) 2000 and 2002. The vulnerability arises from a bypass of the setting “Allow paste operations via script,” allowing a remote attacker to paste via script despite the setting being disabled. The issue is triggered through the (1) Copy meth...

7.5CVSS7.1AI score0.15829EPSS
CVE
CVE
added 2002/12/11 5:0 a.m.44 views

CVE-2002-1339

CVE-2002-1339 affects the Spreadsheet component of Office Web Components (OWC) 10. The XMLURL property follows redirections, enabling remote attackers to infer the existence of local files from error responses or to read Worksheet XML files. The provided sources confirm the vulnerability descript...

5CVSS6.8AI score0.11968EPSS
CVE
CVE
added 2002/12/11 5:0 a.m.41 views

CVE-2002-1338

CVE-2002-1338 affects the Chart component in Office Web Components (OWC) 9 and 10. The Load method throws an exception when a referenced file does not exist, which can be leveraged by an attacker to determine the existence of local files on the target system. The issue is described in multiple so...

5CVSS6.9AI score0.23436EPSS