Microsoft Office Web Components Two Vulnerabilites( 12 March 2008 )

Last Update Date: 28 Jan 2011 Release Date: 12 Mar 2008 4349 Views

RISK: Medium Risk

Medium Risk

1. Office Web Components URL Parsing Vulnerability

A remote code execution vulnerability exists in the way Microsoft Office Web Components manages memory resources when parsing specially crafted URLs. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

2. Office Web Components DataSource Vulnerability

A remote code execution vulnerability exists in the way Microsoft Office Web Components manages memory resources. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Office Web Components 2000 (Client)
    - Microsoft Office 2000 Service Pack 3
    - Microsoft Office XP Service Pack 3
    - Visual Studio .NET 2002 Service Pack 1
    - Visual Studio .NET 2003 Service Pack 1
  • Microsoft Office Web Components 2000 (Server)
    - Microsoft BizTalk Server 2000
    - Microsoft BizTalk Server 2002
    - Microsoft Commerce Server 2000
    - Internet Security and Acceleration Server 2000 Service Pack 2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Download locations for this patch

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Outlook URI Vulnerability( 12 March 2008 )

12 Mar 2008 4253 Views

Next

McAfee ePolicy Orchestrator "logDetail()" Format String Vulnerability

14 Mar 2008 4482 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY