Microsoft Office Web Components OWC.Spreadsheet BorderAround vulnerability

Added: 08/24/2009
CVE: CVE-2009-2496
BID: 35991
OSVDB: 56915


Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.


A heap corruption vulnerability in the OWC10.Spreadsheet ActiveX control allows command execution when a user opens a web page which accesses certain methods in a certain order.


Apply the patch referenced in Microsoft Security Bulletin 09-043.



Exploit works on Microsoft Office XP SP3 and requires a user to open the exploit page in Internet Explorer 6 or 7.

The target system must have at least 2G virtual memory allocated.

After the exploit page is loaded into Internet Explorer, there may be a long delay before the exploit succeeds.


Windows XP

Back to exploit index