|MS09-043||Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)||Microsoft Internet||Critical||12-08-2009|
Brief overview of the risk:
This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page.
Detailed Information on the risk:
A remote code execution vulnerability exists in the Office Web Components ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Further information on this exploit is available at : MS09-043
Affected SoftwareMicrosoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Visual Studio .NET 2003 Service Pack 1