Release DateMay 14, 2009 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a memory-corruption vulnerability in the ActiveX Control of Microsoft Office Web Components.The vulnerability is caused by an error that occurs when the vulnerable software handles malicious parameters of the methods "AddIn" and "Evaluate". It may allow a remote attacker to execute arbitrary code. |
Affected ProductsMicrosoft Office 2003 Service Pack 3 |
Recommended ActionsPlease refer to Microsoft advisory for patches or updates:http://www.microsoft.com/technet/security/Bulletin/ms09-043.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-1136 |
Reference/shttp://www.milw0rm.com/exploits/9224http://www.securityfocus.com/bid/35642 (BugTraq) http://www.milw0rm.com/exploits/9163 http://www.microsoft.com/technet/security/advisory/973472.mspx http://xeye.us/blog/ http://technet.microsoft.com/en-us/security/bulletin/ms09-043.mspx (MS-ID) |
