[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Office Web Components HTML Script Vulnerability

ID: oval:org.mitre.oval:def:5809Date: (C)2009-08-11   (M)2017-10-04
Class: VULNERABILITYFamily: windows




The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."

Platform:
Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows 10
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows Server 2008 R2
Product:
Microsoft Office XP Web Components
Microsoft Office 2003 Web Components
Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Internet Security and Acceleration Server 2004
Microsoft Internet Security and Acceleration Server 2006
Microsoft Office Small Business Accounting 2006
Reference:
CVE-2009-1136
CVE    1
CVE-2009-1136
CPE    9
cpe:/a:microsoft:office_web_components:xp
cpe:/a:microsoft:office_small_business_accounting:2006
cpe:/a:microsoft:isa_server:2004
cpe:/a:microsoft:office_web_components:2003
...

© 2013 SecPod Technologies