Heap-Based Buffer Overflow in Microsoft Office ActiveX Control
CVE-2009-2496

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Studio .net; Office Web Components; Biztalk Server; Office
Vendor: CVE Published:; 12 August 2009

What is CVE-2009-2496?

A vulnerability in the Office Web Components ActiveX Control allows remote attackers to execute arbitrary code by exploiting a heap-based buffer overflow. This issue is present in several versions of Microsoft Office and its related components, leading to potential system compromise through the manipulation of input parameters. The vulnerability underscores the importance of securing ActiveX controls, especially in corporate environments relying on Microsoft solutions.

References

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

third-party-advisoryx_refsource_CERT

http://www.securitytracker.com/id?1022708

vdb-entryx_refsource_SECTRACK

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

61% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2009
Vulnerability Reserved
Jul 17, 2009