Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for office_xp by microsoft

    CVE-2009-1136 (GCVE-0-2009-1136)

    Vulnerability from nvd – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:04
    VLAI KEVIntel
    Summary
    The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2009-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:47.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5809",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5809"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://isc.sans.org/diary.html?storyid=6778"
              },
              {
                "name": "TA09-223A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/973472.mspx"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://xeye.us/blog/2009/07/one-0day/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb"
              },
              {
                "name": "MS09-043",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka \"Office Web Components HTML Script Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5809",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5809"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://isc.sans.org/diary.html?storyid=6778"
            },
            {
              "name": "TA09-223A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/973472.mspx"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://xeye.us/blog/2009/07/one-0day/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb"
            },
            {
              "name": "MS09-043",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2009-1136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka \"Office Web Components HTML Script Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5809",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5809"
                },
                {
                  "name": "http://isc.sans.org/diary.html?storyid=6778",
                  "refsource": "MISC",
                  "url": "http://isc.sans.org/diary.html?storyid=6778"
                },
                {
                  "name": "TA09-223A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/973472.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/973472.mspx"
                },
                {
                  "name": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx"
                },
                {
                  "name": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx"
                },
                {
                  "name": "http://xeye.us/blog/2009/07/one-0day/",
                  "refsource": "MISC",
                  "url": "http://xeye.us/blog/2009/07/one-0day/"
                },
                {
                  "name": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb",
                  "refsource": "MISC",
                  "url": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb"
                },
                {
                  "name": "MS09-043",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2009-1136",
        "datePublished": "2009-07-15T15:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:47.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1533 (GCVE-0-2009-1533)

    Vulnerability from nvd – Published: 2009-06-10 17:37 – Updated: 2024-08-07 05:13
    VLAI
    Summary
    Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/1543 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35371 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/35184 vdb-entryx_refsource_BID
    http://osvdb.org/54939 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1022355 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.us-cert.gov/cas/techalerts/TA09-160A.html third-party-advisoryx_refsource_CERT
    http://www.securitytracker.com/id?1022354 vdb-entryx_refsource_SECTRACK
    http://jvn.jp/en/jp/JVN70858401/index.html third-party-advisoryx_refsource_JVN
    http://blogs.technet.com/srd/archive/2009/06/09/m… x_refsource_MISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2009-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:13:25.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-1543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1543"
              },
              {
                "name": "35371",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35371"
              },
              {
                "name": "35184",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35184"
              },
              {
                "name": "54939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54939"
              },
              {
                "name": "1022355",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022355"
              },
              {
                "name": "MS09-024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-024"
              },
              {
                "name": "TA09-160A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
              },
              {
                "name": "1022354",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022354"
              },
              {
                "name": "JVN#70858401",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN70858401/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx"
              },
              {
                "name": "oval:org.mitre.oval:def:6292",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6292"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka \"File Converter Buffer Overflow Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2009-1543",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1543"
            },
            {
              "name": "35371",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35371"
            },
            {
              "name": "35184",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35184"
            },
            {
              "name": "54939",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54939"
            },
            {
              "name": "1022355",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022355"
            },
            {
              "name": "MS09-024",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-024"
            },
            {
              "name": "TA09-160A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "1022354",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022354"
            },
            {
              "name": "JVN#70858401",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN70858401/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:6292",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6292"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2009-1533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka \"File Converter Buffer Overflow Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-1543",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1543"
                },
                {
                  "name": "35371",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35371"
                },
                {
                  "name": "35184",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35184"
                },
                {
                  "name": "54939",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54939"
                },
                {
                  "name": "1022355",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022355"
                },
                {
                  "name": "MS09-024",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-024"
                },
                {
                  "name": "TA09-160A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
                },
                {
                  "name": "1022354",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022354"
                },
                {
                  "name": "JVN#70858401",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN70858401/index.html"
                },
                {
                  "name": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx",
                  "refsource": "MISC",
                  "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx"
                },
                {
                  "name": "oval:org.mitre.oval:def:6292",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6292"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2009-1533",
        "datePublished": "2009-06-10T17:37:00.000Z",
        "dateReserved": "2009-05-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:13:25.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1136 (GCVE-0-2009-1136)

    Vulnerability from cvelistv5 – Published: 2009-07-15 15:00 – Updated: 2024-08-07 05:04
    VLAI KEVIntel
    Summary
    The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2009-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:04:47.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oval:org.mitre.oval:def:5809",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5809"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://isc.sans.org/diary.html?storyid=6778"
              },
              {
                "name": "TA09-223A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.microsoft.com/technet/security/advisory/973472.mspx"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://xeye.us/blog/2009/07/one-0day/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb"
              },
              {
                "name": "MS09-043",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka \"Office Web Components HTML Script Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "oval:org.mitre.oval:def:5809",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5809"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://isc.sans.org/diary.html?storyid=6778"
            },
            {
              "name": "TA09-223A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/973472.mspx"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://xeye.us/blog/2009/07/one-0day/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb"
            },
            {
              "name": "MS09-043",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2009-1136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka \"Office Web Components HTML Script Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oval:org.mitre.oval:def:5809",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5809"
                },
                {
                  "name": "http://isc.sans.org/diary.html?storyid=6778",
                  "refsource": "MISC",
                  "url": "http://isc.sans.org/diary.html?storyid=6778"
                },
                {
                  "name": "TA09-223A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
                },
                {
                  "name": "http://www.microsoft.com/technet/security/advisory/973472.mspx",
                  "refsource": "CONFIRM",
                  "url": "http://www.microsoft.com/technet/security/advisory/973472.mspx"
                },
                {
                  "name": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.technet.com/srd/archive/2009/07/13/more-information-about-the-office-web-components-activex-vulnerability.aspx"
                },
                {
                  "name": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx",
                  "refsource": "CONFIRM",
                  "url": "http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx"
                },
                {
                  "name": "http://xeye.us/blog/2009/07/one-0day/",
                  "refsource": "MISC",
                  "url": "http://xeye.us/blog/2009/07/one-0day/"
                },
                {
                  "name": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb",
                  "refsource": "MISC",
                  "url": "http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/windows/browser/owc_spreadsheet_msdso.rb"
                },
                {
                  "name": "MS09-043",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2009-1136",
        "datePublished": "2009-07-15T15:00:00.000Z",
        "dateReserved": "2009-03-25T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:04:47.977Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1533 (GCVE-0-2009-1533)

    Vulnerability from cvelistv5 – Published: 2009-06-10 17:37 – Updated: 2024-08-07 05:13
    VLAI
    Summary
    Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2009/1543 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/35371 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/35184 vdb-entryx_refsource_BID
    http://osvdb.org/54939 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1022355 vdb-entryx_refsource_SECTRACK
    https://docs.microsoft.com/en-us/security-updates… vendor-advisoryx_refsource_MS
    http://www.us-cert.gov/cas/techalerts/TA09-160A.html third-party-advisoryx_refsource_CERT
    http://www.securitytracker.com/id?1022354 vdb-entryx_refsource_SECTRACK
    http://jvn.jp/en/jp/JVN70858401/index.html third-party-advisoryx_refsource_JVN
    http://blogs.technet.com/srd/archive/2009/06/09/m… x_refsource_MISC
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    Date Public
    2009-06-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:13:25.653Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2009-1543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/1543"
              },
              {
                "name": "35371",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/35371"
              },
              {
                "name": "35184",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/35184"
              },
              {
                "name": "54939",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/54939"
              },
              {
                "name": "1022355",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022355"
              },
              {
                "name": "MS09-024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MS",
                  "x_transferred"
                ],
                "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-024"
              },
              {
                "name": "TA09-160A",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
              },
              {
                "name": "1022354",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1022354"
              },
              {
                "name": "JVN#70858401",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN70858401/index.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx"
              },
              {
                "name": "oval:org.mitre.oval:def:6292",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6292"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-06-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka \"File Converter Buffer Overflow Vulnerability.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-12T19:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ADV-2009-1543",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1543"
            },
            {
              "name": "35371",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/35371"
            },
            {
              "name": "35184",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/35184"
            },
            {
              "name": "54939",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/54939"
            },
            {
              "name": "1022355",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022355"
            },
            {
              "name": "MS09-024",
              "tags": [
                "vendor-advisory",
                "x_refsource_MS"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-024"
            },
            {
              "name": "TA09-160A",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
            },
            {
              "name": "1022354",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1022354"
            },
            {
              "name": "JVN#70858401",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN70858401/index.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:6292",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6292"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2009-1533",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka \"File Converter Buffer Overflow Vulnerability.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2009-1543",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2009/1543"
                },
                {
                  "name": "35371",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/35371"
                },
                {
                  "name": "35184",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/35184"
                },
                {
                  "name": "54939",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/54939"
                },
                {
                  "name": "1022355",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022355"
                },
                {
                  "name": "MS09-024",
                  "refsource": "MS",
                  "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-024"
                },
                {
                  "name": "TA09-160A",
                  "refsource": "CERT",
                  "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
                },
                {
                  "name": "1022354",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1022354"
                },
                {
                  "name": "JVN#70858401",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN70858401/index.html"
                },
                {
                  "name": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx",
                  "refsource": "MISC",
                  "url": "http://blogs.technet.com/srd/archive/2009/06/09/ms09-024.aspx"
                },
                {
                  "name": "oval:org.mitre.oval:def:6292",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6292"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2009-1533",
        "datePublished": "2009-06-10T17:37:00.000Z",
        "dateReserved": "2009-05-05T00:00:00.000Z",
        "dateUpdated": "2024-08-07T05:13:25.653Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }