VUPEN - Microsoft Office Web Components Remote Code Execution (MS09-043) / Exploit (Security Advisories - VUPEN/ADV-2009-1867)

	About Us \| Contact Us

VUPEN Free Resources

VUPEN Security Advisories

VUPEN Security Blog & News

Zero-day Attacks Monitor

Daily Security Mailinglist

Explanation of Terms

Advanced Search Engine

Microsoft Office Web Components Remote Code Execution (MS09-043)

VUPEN ID	VUPEN/ADV-2009-1867
CVE ID	CVE-2009-0562 - CVE-2009-1136 - CVE-2009-1534 - CVE-2009-2496
CWE ID	Available in VUPEN VNS Customer Area
CVSS V2	Available in VUPEN VNS Customer Area
Rated as	Critical
Impact	Available in VUPEN VNS Customer Area
Authentication Level	Available in VUPEN VNS Customer Area
Access Vector	Available in VUPEN VNS Customer Area
Release Date	2009-07-13
Share

Technical Description

A vulnerability has been identified in Microsoft Office Web Components, which could be exploited by remote attackers to compromise an affected system. This issue is caused by a memory corruption error in the "OWC10.DLL" and "OWC11.DLL" ActiveX controls, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Note: This vulnerability is currently being exploited in the wild.

Other memory corruption and buffer overflow issues have also been reported.

Affected Products

Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Web Components Service Pack 3
Microsoft Office 2003 Web Components Service Pack 3
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2006
Microsoft Internet Security and Acceleration Server 2006 Supportability Update
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
Microsoft Office Small Business Accounting 2006

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx

References

http://www.vupen.com/english/advisories/2009/1867
http://www.microsoft.com/technet/security/Bulletin/MS09-043.mspx
http://www.microsoft.com/technet/security/advisory/973472.mspx
http://www.metasploit.com/modules/exploit/windows/browser/ms09_043_owc_htmlurl

In-depth Binary Analysis

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.

Private Exploit or PoC

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.

Public Exploit or PoC

Available in customer area as part of VUPEN Vulnerability Notification Service.

Credits

Vulnerabilities reported by Peter Vreugdenhil (ZDI) and Sean Larsson (VeriSign iDefense Labs).

Changelog

2009-07-13 : Initial release
2009-07-15 : Updated Solution
2009-08-11 : Updated Solution

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Monthly Statistics

VUPEN Security Advisories By Criticality: Sep 2010
Critical Risk	: 18%
High Risk	: 5%
Moderate Risk	: 46%
Low Risk	: 31%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.

Try VUPEN VNS

© 2004-2010 VUPEN Security - Copyright - Privacy Policy