Memory Allocation Vulnerability in Microsoft Office and ISA Server
CVE-2009-0562

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Web Components; Office; Isa Server
Vendor: CVE Published:; 12 August 2009

Summary

The Office Web Components ActiveX Control in various Microsoft Office products exhibits a memory allocation flaw that could be exploited by remote attackers. This vulnerability allows unauthorized execution of arbitrary code when specific conditions lead to 'system state' corruption. Users of Microsoft Office XP SP3, Office 2003 SP3, and related products should remain vigilant, as the exploitation could potentially compromise system integrity.

References

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1022708

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

65% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 12, 2009
Vulnerability Reserved
Feb 12, 2009