← Back

CVE-2009-0562

nvd nist
Published: Aug 12, 2009Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."

Affected (11)

Microsoft
3 products
Isa Server
Office
Office Web Components
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Isa Server
Version 2004 sp3
Isa Server
Version 2004 sp3
Isa Server
Version 2006 sp1
Isa Server
Version 2006 sp1
Microsoft
Office
All versions
Office
Version 2003 sp3
Office
Version xp sp3
Microsoft
Office Web Components
Version 2000 sp3
Office Web Components
Version 2003 sp1
Office Web Components
Version 2003 sp3
Office Web Components
Version xp sp3

Related CWEs

CWE-399
CWE-399

References (8)

Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.