Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2009-06-10 |
Product | Office Xp | Last view | 2009-07-15 |
Version | Type | Application | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:a:microsoft:office_xp:sp3:*:*:*:*:*:*:* | 2 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
9.3 | 2009-07-15 | CVE-2009-1136 | The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability." |
9.3 | 2009-06-10 | CVE-2009-1533 | Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
50% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:6292 | File Converter Buffer Overflow Vulnerability |
oval:org.mitre.oval:def:5809 | Office Web Components HTML Script Vulnerability |
SAINT Exploits
Description | Link |
---|---|
Microsoft Works File Converter FontName buffer overflow | More info here |
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
55806 | Microsoft Office Web Components OWC10.Spreadsheet ActiveX msDataSourceObject(... |
54939 | Microsoft Office Works for Windows File Converter .wps Handling Overflow |
OpenVAS Exploits
id | Description |
---|---|
2009-07-18 | Name : Microsoft Office Web Components ActiveX Control Code Execution Vulnerability File : nvt/gb_ms_office_web_compnts_actvx_code_exec_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2009-A-0069 | Multiple Vulnerabilities in Microsoft Office Web Components Severity: Category II - VMSKEY: V0019877 |
2009-B-0025 | Microsoft Works Converter Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0019406 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid unicode access RuleID : 7873 - Type : WEB-ACTIVEX - Revision : 9 |
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX clsid access RuleID : 7872 - Type : BROWSER-PLUGINS - Revision : 17 |
2014-11-16 | Microsoft Office Spreadsheet 10.0 ActiveX clsid access RuleID : 31759 - Type : BROWSER-PLUGINS - Revision : 2 |
2014-11-16 | Microsoft Office Spreadsheet 10.0 ActiveX function call access RuleID : 31758 - Type : BROWSER-PLUGINS - Revision : 2 |
2014-11-16 | Microsoft Office Web Components 11 Spreadsheet ActiveX function call access RuleID : 31757 - Type : BROWSER-PLUGINS - Revision : 2 |
2014-11-16 | Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access RuleID : 31756 - Type : BROWSER-PLUGINS - Revision : 2 |
2014-01-10 | Microsoft Works 4.x converter font name buffer overflow attempt RuleID : 18616 - Type : FILE-OFFICE - Revision : 10 |
2014-01-10 | Microsoft Works 4.x converter font name buffer overflow attempt RuleID : 18615 - Type : FILE-OFFICE - Revision : 14 |
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX function call unicode access RuleID : 15856 - Type : WEB-ACTIVEX - Revision : 5 |
2014-01-10 | Microsoft Office Spreadsheet 10.0 ActiveX function call access RuleID : 15855 - Type : BROWSER-PLUGINS - Revision : 10 |
2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX function call unicode ... RuleID : 15692 - Type : WEB-ACTIVEX - Revision : 6 |
2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX function call access RuleID : 15691 - Type : BROWSER-PLUGINS - Revision : 11 |
2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX clsid unicode access RuleID : 15690 - Type : WEB-ACTIVEX - Revision : 6 |
2014-01-10 | Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access RuleID : 15689 - Type : BROWSER-PLUGINS - Revision : 11 |
2014-01-10 | Microsoft Works 4.x converter font name buffer overflow attempt RuleID : 15526 - Type : FILE-OFFICE - Revision : 13 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2009-08-11 | Name: Arbitrary code can be executed on the remote host through Microsoft Office We... File: smb_nt_ms09-043.nasl - Type: ACT_GATHER_INFO |
2009-07-14 | Name: The remote Windows host contains an ActiveX control that could allow remote c... File: smb_kb_973472.nasl - Type: ACT_GATHER_INFO |
2009-06-10 | Name: Arbitrary code can be executed on the remote host through Microsoft Office. File: smb_nt_ms09-024.nasl - Type: ACT_GATHER_INFO |