<< Back
CVE Number Vulnerability Product Severity Date
MS09-043 Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) Microsoft Internet Critical 12-08-2009

Technical Information

Brief overview of the risk:
This security update resolves several privately reported vulnerabilities in Microsoft Office Web Components that could allow remote code execution if a user viewed a specially crafted Web page.

Detailed Information on the risk:

A remote code execution vulnerability exists in the Office Web Components ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.


Further information on this exploit is available at : MS09-043

Affected Software

Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Visual Studio .NET 2003 Service Pack 1