MicrosoftOffice Web Components Remote Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 14 Jul 2009 4592 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in Microsoft Office Web Components, which could be exploited by remote attackers to compromise an affected system. This issue is caused by a memory corruption error in the "OWC10.DLL" and "OWC11.DLL" ActiveX controls, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Note: This vulnerability is currently being exploited in the wild.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office XP Web Components Service Pack 3
  • Microsoft Office 2003 Web Components Service Pack 3
  • Microsoft ISA Server 2004 Standard Edition Service Pack 3
  • Microsoft ISA Server 2004 Enterprise Edition Service Pack 3
  • Microsoft ISA Server 2006
  • Microsoft ISA Server 2006 Supportability Update
  • Microsoft ISA Server 2006 Service Pack 1
  • Microsoft Office Small Business Accounting 2006

Solutions

There is no patch available for this vulnerability currently.

Please refer to the workaround provided by the vendor.
http://support.microsoft.com/kb/973472/#FixItForMe

Vulnerability Identifier

Source

Related Link

Share with

Previous

Apple Safari WebKit Memory Corruption and Cross Site Scripting Vulnerabilties

10 Jul 2009 4449 Views

Next

Mozilla Firefox Memory Corruption Vulnerability

15 Jul 2009 4487 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY