CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.6%
Added: 03/12/2008
CVE: CVE-2006-4695
BID: 28135
OSVDB: 42711
Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.
A buffer overflow vulnerability in the **OWC.Spreadsheet.9**
ActiveX control allows command execution when a user loads a web page which instantiates this control with a long, specially crafted URL in the **CSVData**
field.
Apply the update referenced in Microsoft Security Bulletin 08-017.
<http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx>
Exploit works on Microsoft Office 2000 and XP and requires a user to load the exploit page in Internet Explorer.
Windows