Test ID: | 1.3.6.1.4.1.25623.1.0.800845 |
Category: | Windows : Microsoft Bulletins |
Title: | Microsoft Office Web Components ActiveX Control Code Execution Vulnerability |
Summary: | Microsoft Office Web Components ActiveX Control is prone to a code execution vulnerability. |
Description: |
Vulnerability Insight:
- Error exists in the OWC10.Spreadsheet ActiveX control that can be exploited via specially crafted parameters passed to the 'msDataSourceObject()' method.
- Error occurs when loading and unloading the OWC10 ActiveX control.
- Error exists in the OWC10.Spreadsheet ActiveX control related to the 'BorderAround()' method via accessing certain methods in a specific order.
- A boundary error in the Office Web Components ActiveX control which can be exploited to cause a buffer overflow.

Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary code, which may result in a Denial of Service condition on the affected system.

Affected Software/OS:
- Microsoft Office XP/2003 SP 3 and prior
- Microsoft Visual Studio .NET 2003 SP 1 and prior
- Microsoft Office XP/2003 Web Components SP 3 and prior
- Microsoft ISA Server 2004 Standard/Enterprise SP 3 and prior
- Microsoft ISA Server 2006 Standard/Enterprise SP 1 and prior
- Microsoft Office 2003 Web Components for 2007
- Microsoft Office system SP 1

Solution: The vendor has released updates. Please see the references for more information. As a workaround, set the killbit for the following CLSIDs:
- {0002E541-0000-0000-C000-000000000046}
- {0002E559-0000-0000-C000-000000000046}
- {0002E55B-0000-0000-C000-000000000046}

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1136
- Cert/CC Advisory: TA09-223A
- http://www.us-cert.gov/cas/techalerts/TA09-223A.html
- http://isc.sans.org/diary.html?storyid=6778
- http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb
- http://xeye.us/blog/2009/07/one-0day/
- Microsoft Security Bulletin: MS09-043
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5809

Common Vulnerability Exposure (CVE) ID: CVE-2009-0562
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6337
- http://www.securitytracker.com/id?1022708

Common Vulnerability Exposure (CVE) ID: CVE-2009-2496
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5645

Common Vulnerability Exposure (CVE) ID: CVE-2009-1534
- BugTraq ID: 35992
- http://www.securityfocus.com/bid/35992
- http://osvdb.org/56916
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326 |
Copyright | Copyright (C) 2009 Greenbone AG |