Microsoft Office Web Components Multiple Vulnerabilities( 12 August 2009 )
RISK: Medium Risk
1. Office Web Components Memory Allocation Vulnerability
A remote code execution vulnerability exists in the Office Web Components ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
2. Office Web Components Heap Corruption Vulnerability
A remote code execution vulnerability exists in the Office Web Components ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
3. Office Web Components HTML Script Vulnerability
A remote code execution vulnerability exists in the Office Web Components ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
4. Office Web Components Buffer Overflow Vulnerability
A remote code execution vulnerability exists in the Office Web Components ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Office Suites
- Microsoft Office XP
- Microsoft Office 2003 - Microsoft Office Web Components
- Microsoft Office 2000 Web Components
- Microsoft Office XP Web Components
- Microsoft Office 2003 Web Components
- Microsoft Office 2003 Web Components for the 2007 Microsoft Office System - Microsoft Internet Security and Acceleration Server
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition
- Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
- Microsoft Internet Security and Acceleration Server 2006 Standard Edition
- Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition - Microsoft BizTalk Server 2002
- Microsoft Visual Studio .NET 2003 Service Pack 1
- Microsoft Office Small Business Accounting 2006
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Microsoft Office Suites
- Microsoft Office XP Service Pack 3
- Microsoft Office 2003 Service Pack 3 - Microsoft Office Web Components
- Microsoft Office 2000 Web Components Service Pack 3
- Microsoft Office XP Web Components Service Pack 3
- Microsoft Office 2003 Web Components Service Pack 3
- Microsoft Office 2003 Web Components Service Pack 1 for the 2007 Microsoft Office System - Microsoft Internet Security and Acceleration Server
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
- Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
- Microsoft Internet Security and Acceleration Server 2006 Standard Edition Service Pack 1
- Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition Service Pack 1 - Microsoft BizTalk Server 2002
- Microsoft Visual Studio .NET 2003 Service Pack 1
- Microsoft Office Small Business Accounting 2006
Vulnerability Identifier
Source
Related Link
Share with