This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2009-06-10
Product Office Xp Last view 2009-07-15
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:office_xp:sp3:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
9.3 2009-07-15 CVE-2009-1136

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."

9.3 2009-06-10 CVE-2009-1533

Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:6292 File Converter Buffer Overflow Vulnerability
oval:org.mitre.oval:def:5809 Office Web Components HTML Script Vulnerability

SAINT Exploits

Description Link
Microsoft Works File Converter FontName buffer overflow More info here
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability More info here

Open Source Vulnerability Database (OSVDB)

id Description
55806 Microsoft Office Web Components OWC10.Spreadsheet ActiveX msDataSourceObject(...
54939 Microsoft Office Works for Windows File Converter .wps Handling Overflow

OpenVAS Exploits

id Description
2009-07-18 Name : Microsoft Office Web Components ActiveX Control Code Execution Vulnerability
File : nvt/gb_ms_office_web_compnts_actvx_code_exec_vuln.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2009-A-0069 Multiple Vulnerabilities in Microsoft Office Web Components
Severity: Category II - VMSKEY: V0019877
2009-B-0025 Microsoft Works Converter Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0019406

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office Spreadsheet 10.0 ActiveX clsid unicode access
RuleID : 7873 - Type : WEB-ACTIVEX - Revision : 9
2014-01-10 Microsoft Office Spreadsheet 10.0 ActiveX clsid access
RuleID : 7872 - Type : BROWSER-PLUGINS - Revision : 17
2014-11-16 Microsoft Office Spreadsheet 10.0 ActiveX clsid access
RuleID : 31759 - Type : BROWSER-PLUGINS - Revision : 2
2014-11-16 Microsoft Office Spreadsheet 10.0 ActiveX function call access
RuleID : 31758 - Type : BROWSER-PLUGINS - Revision : 2
2014-11-16 Microsoft Office Web Components 11 Spreadsheet ActiveX function call access
RuleID : 31757 - Type : BROWSER-PLUGINS - Revision : 2
2014-11-16 Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access
RuleID : 31756 - Type : BROWSER-PLUGINS - Revision : 2
2014-01-10 Microsoft Works 4.x converter font name buffer overflow attempt
RuleID : 18616 - Type : FILE-OFFICE - Revision : 10
2014-01-10 Microsoft Works 4.x converter font name buffer overflow attempt
RuleID : 18615 - Type : FILE-OFFICE - Revision : 14
2014-01-10 Microsoft Office Spreadsheet 10.0 ActiveX function call unicode access
RuleID : 15856 - Type : WEB-ACTIVEX - Revision : 5
2014-01-10 Microsoft Office Spreadsheet 10.0 ActiveX function call access
RuleID : 15855 - Type : BROWSER-PLUGINS - Revision : 10
2014-01-10 Microsoft Office Web Components 11 Spreadsheet ActiveX function call unicode ...
RuleID : 15692 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Office Web Components 11 Spreadsheet ActiveX function call access
RuleID : 15691 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Office Web Components 11 Spreadsheet ActiveX clsid unicode access
RuleID : 15690 - Type : WEB-ACTIVEX - Revision : 6
2014-01-10 Microsoft Office Web Components 11 Spreadsheet ActiveX clsid access
RuleID : 15689 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Works 4.x converter font name buffer overflow attempt
RuleID : 15526 - Type : FILE-OFFICE - Revision : 13

Nessus® Vulnerability Scanner

id Description
2009-08-11 Name: Arbitrary code can be executed on the remote host through Microsoft Office We...
File: smb_nt_ms09-043.nasl - Type: ACT_GATHER_INFO
2009-07-14 Name: The remote Windows host contains an ActiveX control that could allow remote c...
File: smb_kb_973472.nasl - Type: ACT_GATHER_INFO
2009-06-10 Name: Arbitrary code can be executed on the remote host through Microsoft Office.
File: smb_nt_ms09-024.nasl - Type: ACT_GATHER_INFO