Remote Code Execution Vulnerability in Microsoft Office Web Components
CVE-2009-1136

Currently unrated

Key Information:

Vendor: Microsoft
Status: Office Web Components; Isa Server; Office; Office Xp
Vendor: CVE Published:; 15 July 2009

Summary

The Microsoft Office Web Components Spreadsheet ActiveX control, used within various versions of Microsoft Office and Internet Explorer, is susceptible to exploitation through a tailored call to the msDataSourceObject method. This vulnerability may allow remote attackers to execute arbitrary code on affected systems, potentially leading to significant security breaches. It was notably exploited in the wild during mid-2009, necessitating immediate attention and remediation. Users of affected products should prioritize applying patches and updates to mitigate risks associated with this security flaw.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://isc.sans.org/diary.html?storyid=6778

x_refsource_MISC

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

third-party-advisoryx_refsource_CERT

EPSS Score

85% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 15, 2009
Vulnerability Reserved
Mar 25, 2009