SAINT Corporation, SAINT:B55D41F895B010F02A8CEEEB5C7C2FB7
Mar 12, 2008 - 12:00 a.m.

Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow

2008-03-12 00:00:00
SAINT Corporation
download.saintcorporation.com
10

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.86
Percentile: 98.6%

Added: 03/12/2008
CVE: CVE-2006-4695
BID: 28135
OSVDB: 42711

Background

Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.

Problem

A buffer overflow vulnerability in the **OWC.Spreadsheet.9** ActiveX control allows command execution when a user loads a web page which instantiates this control with a long, specially crafted URL in the **CSVData** field.

Resolution

Apply the update referenced in Microsoft Security Bulletin 08-017.

References

<http://www.microsoft.com/technet/security/bulletin/MS08-017.mspx>

Limitations

The exploit works on Microsoft Office 2000 and XP and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows
