Check Point Advisories

Update Protection against Microsoft Office Web Components Multiple ActiveX Controls Remote Code Execution Vulnerability (MS09-043)

Check Point Reference: CPAI-2009-121
Date Published: 13 Jul 2009
Severity: Critical
Last Updated: Tuesday 13 October, 2009
Source: Microsoft Security Bulletin MS09-043
Microsoft Security Bulletin MS09-055
Industry Reference:CVE-2009-0562
CVE-2009-1136
CVE-2009-1534
CVE-2009-2493
CVE-2009-2496
Protection Provided by:
Who is Vulnerable? Microsoft Office XP SP3
Microsoft Office 2003 SP3
Microsoft Office XP Web Components
Microsoft Office 2003 Web Components
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system SP1
Microsoft Internet Security and Acceleration Server 2004 Standard Edition SP3
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition SP3
Microsoft Internet Security and Acceleration Server 2006
Internet Security and Acceleration Server 2006 Supportability Update
Microsoft Internet Security and Acceleration Server 2006 SP1
Microsoft Office Small Business Accounting 2006
Vulnerability Description Multiple remote code execution vulnerabilities have been reported in Microsoft Office Web Components ActiveX Controls. Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web. A remote attacker can exploit these vulnerabilities by convincing a user to visit a specially crafted Web page. Successful exploitation could result in execution of arbitrary code on the affected system.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS09-043
Microsoft Security Bulletin MS09-055
Vulnerability DetailsThe vulnerabilities are due to a memory corruption error in the Microsoft Office Web Components ActiveX controls that fails to correctly handle parameter values when they are used in Internet Explorer. A remote attacker could exploit this issue by convincing a user to visit a malicious Web page. Successful exploitation of these vulnerabilities could allow remote code execution on the affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK