CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
Added: 08/14/2009
CVE: CVE-2009-1534
BID: 35992
OSVDB: 56916
Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.
A buffer overflow vulnerability in the **OWC.Spreadsheet.9**
ActiveX control allows command execution when a user loads a web page which instantiates this control and assigns a long string value to the object’s HTMLURL parameter.
Apply the update referenced in Microsoft Security Bulletin 09-043.
<http://www.microsoft.com/technet/security/bulletin/MS09-043.mspx>
Exploit works on Microsoft Office XP SP3 on Windows XP SP3 English with DEP enabled and requires a user to load the exploit page in Internet Explorer 6 or 7.
Windows XP