ID |
CVE-2009-0562
|
Summary |
The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:microsoft:isa_server:2004:sp3:enterprise:*:*:*:*:*
cpe:2.3:a:microsoft:isa_server:2004:sp3:enterprise:*:*:*:*:*
-
cpe:2.3:a:microsoft:isa_server:2004:sp3:standard:*:*:*:*:*
cpe:2.3:a:microsoft:isa_server:2004:sp3:standard:*:*:*:*:*
-
cpe:2.3:a:microsoft:isa_server:2006:sp1:enterprise:*:*:*:*:*
cpe:2.3:a:microsoft:isa_server:2006:sp1:enterprise:*:*:*:*:*
-
cpe:2.3:a:microsoft:isa_server:2006:sp1:standard:*:*:*:*:*
cpe:2.3:a:microsoft:isa_server:2006:sp1:standard:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:-:*:small_business_accounting_2006:*:*:*:*:*
cpe:2.3:a:microsoft:office:-:*:small_business_accounting_2006:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_web_components:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_components:2000:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_web_components:2003:sp1:2007_microsoft_office:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_components:2003:sp1:2007_microsoft_office:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_web_components:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_components:2003:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office_web_components:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office_web_components:xp:sp3:*:*:*:*:*:*
|
CVSS |
Base: | 9.3 (as of 12-10-2018 - 21:50) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
msbulletin
via4
|
bulletin_id | MS09-043 | bulletin_url | | date | 2009-08-11T00:00:00 | impact | Remote Code Execution | knowledgebase_id | 957638 | knowledgebase_url | | severity | Critical | title | Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution |
|
oval
via4
|
accepted | 2014-06-30T04:11:17.884-04:00 | class | vulnerability | contributors | name | Dragos Prisaca | organization | Gideon Technologies, Inc. |
name | Mike Lah | organization | The MITRE Corporation |
name | Josh Turpin | organization | Symantec Corporation |
name | Maria Mikhno | organization | ALTX-SOFT |
| definition_extensions | comment | Microsoft Office XP is installed | oval | oval:org.mitre.oval:def:663 |
comment | Microsoft Office XP Web Components is installed | oval | oval:org.mitre.oval:def:6283 |
comment | Microsoft Office 2003 Web Components is installed | oval | oval:org.mitre.oval:def:6189 |
comment | Microsoft Office 2007 is installed | oval | oval:org.mitre.oval:def:1211 |
comment | Microsoft Office 2003 Web Components is installed | oval | oval:org.mitre.oval:def:6189 |
comment | Microsoft Internet Security and Acceleration Server 2004 | oval | oval:org.mitre.oval:def:5940 |
comment | Microsoft Internet Security and Acceleration Server 2006 | oval | oval:org.mitre.oval:def:6052 |
comment | Microsoft Visual Studio .NET 2003 SP1 is installed | oval | oval:org.mitre.oval:def:168 |
comment | Microsoft Office Small Business Accounting 2006 is installed | oval | oval:org.mitre.oval:def:6181 |
| description | The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability." | family | windows | id | oval:org.mitre.oval:def:6337 | status | accepted | submitted | 2009-08-11T13:00:00 | title | Office Web Components Memory Allocation Vulnerability | version | 11 |
|
refmap
via4
|
cert | TA09-223A | sectrack | 1022708 |
|
saint
via4
|
bid | 35990 | description | Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation | id | win_patch_owcrce | osvdb | 56914 | title | ms_office_web_components_datasourcecontrol | type | client |
|
Last major update |
12-10-2018 - 21:50 |
Published |
12-08-2009 - 17:30 |
Last modified |
12-10-2018 - 21:50 |