(MS09-043) Microsoft Office Web Components HTML Script Vulnerability (967638)
- Type: Logic error
- Impact of exploitation: Remote Code Execution
- User Interaction: User interaction is needed
- Attack Vector: Website with malicious content
- Rating: Medium
- CVE reference: CVE-2009-1136
- Vendor Status: Responded and patched
- Vulnerable systems:
  - Office XP SP3
  - Office 2003 SP3
  - Office Web Components XP
  - Office Web Components 2003
  - Internet Security and Acceleration Server
  - Internet Security and Acceleration Server 2006 SP1
  - Office Small Business Accounting 2006
- Summary: A vulnerability in Microsoft Office Web Components may allow remote code execution.
Description
A vulnerability in Microsoft Office Web Components may allow remote code execution. The flaw lies in one ActiveX control when it is used within Internet Explorer. Upon exploitation, the system may be left in a state which could allow an attacker to run arbitrary code. The affected control can be identified via the following CLSIDs:
- 0002E559-0000-0000-C000-000000000046
- 0002E541-0000-0000-C000-000000000046
Exploitation can be achieved via a specially crafted web page designed to target this vulnerability.
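As an added example (not McAfee or Microsoft code), the following Python sketch flags `<object>` tags in saved HTML, such as proxy or mail-gateway captures, whose `classid` names one of the CLSIDs listed in the description. The function names and the sample page are constructed for illustration, and the check covers static markup only.

```python
import re
from html.parser import HTMLParser

# CLSIDs of the affected control, as listed in the advisory description.
AFFECTED_CLSIDS = {
    "0002E559-0000-0000-C000-000000000046",
    "0002E541-0000-0000-C000-000000000046",
}

_CLASSID_RE = re.compile(
    r"\s*clsid:\s*\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?\s*",
    re.IGNORECASE,
)

def normalise_classid(value):
    """Return the bare upper-case GUID from a classid attribute, else None."""
    match = _CLASSID_RE.fullmatch(value or "")
    return match.group(1).upper() if match else None

class _ObjectScanner(HTMLParser):
    """Collects (line, CLSID) for <object> tags naming an affected CLSID."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute
        # values, so case and character-reference variants compare equal.
        if tag == "object":
            clsid = normalise_classid(dict(attrs).get("classid"))
            if clsid in AFFECTED_CLSIDS:
                self.hits.append((self.getpos()[0], clsid))

def find_affected_objects(html_text):
    """Return [(line_number, CLSID), ...] for matching <object> tags."""
    scanner = _ObjectScanner()
    scanner.feed(html_text)
    scanner.close()
    return scanner.hits

# Constructed sample page (not real traffic); the last GUID is made up.
SAMPLE = """<html><body>
<object classid="clsid:0002e559-0000-0000-c000-000000000046" id="a"></object>
<OBJECT CLASSID='CLSID:{0002E541-0000-0000-C000-000000000046}'></OBJECT>
<object classid="clsid&#58;0002E559-0000-0000-C000-000000000046"></object>
<object classid="clsid:11111111-2222-3333-4444-555555555555"></object>
</body></html>"""

if __name__ == "__main__":
    for line, clsid in find_affected_objects(SAMPLE):
        print(f"line {line}: <object> references {clsid}")
```

A CLSID that appears only as page text, outside an `<object classid=...>` attribute, is not reported.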
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature: Microsoft Office Web Components ActiveX Code Execution Vulnerability (973472)
- Signature identifier: 6835
- Release date: 7/13/2009
McAfee Intrushield
- Signature: HTTP: Microsoft Office Web Components Remote Code Execution
- Signature identifier: 0x40264100
- Release date: 7/14/2009
- First released in: 4.1.53 and 5.1.23
McAfee Anti-Virus protection
Detection will be provided in the 5676 for all products.
- Signature: Exploit-CVE2009-1136
- Release date: 7/13/2009
- First released in: 5676
Additional Resources
Microsoft Security Advisory (973472) Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/973472.mspx
Microsoft Security Bulletin MS09-043 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)
http://www.microsoft.com/technet/security/bulletin/ms09-043.mspx
Timeline
- 8/11/2009: Vendor has provided a patch.
- 7/21/2009: A proof of concept has been released.
- 7/16/2009: A proof of concept has been released.
- 7/13/2009: Vendor has provided information on the vulnerability.
- 7/13/2009: http://vil.nai.com/vil/content/v_179225.htm