Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability

Added: 07/14/2009
CVE: CVE-2009-1136
BID: 35642
OSVDB: 55806

Background

Microsoft Office Web Components (OWC) are a group of OLE classes implemented as ActiveX controls.

Problem

A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the Evaluate method of the OWC.Spreadsheet ActiveX control.

Resolution

Set the kill bits on the {0002E541-0000-0000-C000-000000000046} and {0002E559-0000-0000-C000-000000000046} class IDs as described in Microsoft Knowledge Base Article 240797.

References

http://www.microsoft.com/technet/security/advisory/973472.mspx

Limitations

The exploit works on Microsoft Office XP and 2003 SP3, and requires a user to open the exploit page in Internet Explorer 6 or 7.

The success of this exploit may depend on the state of the target's memory.

Platforms

Windows
