Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation

Added: 08/27/2009
CVE: CVE-2009-0562
BID: 35990
OSVDB: 56914


Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.


A heap memory corruption vulnerability in the OWC10.DataSourceControl ActiveX control allows command execution when a user opens a web page which loads and unloads this control.


Apply the update referenced in Microsoft Security Bulletin 09-043.



Exploit works on Microsoft Office 2003 SP3 on Windows XP SP3 English with DEP enabled and requires a user to load the exploit page in Internet Explorer 6 or 7. After the published page is loaded in Internet Explorer, the target user must move the mouse in order to trigger the vulnerability. Note that this exploit is not 100% reliable due to the nature of heap memory corruption.


Windows XP

Back to exploit index