CVE-2009-1534

Published: Aug 12, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

Affected (11)

Products: Microsoft: Isa Server, Office, Office Web Components

3 products

Office Web Components

Configuration A

11 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Isa Server	Version 2004 sp3
Microsoft Isa Server	Version 2004 sp3
Microsoft Isa Server	Version 2006 sp1
Microsoft Isa Server	Version 2006 sp1
Microsoft Office	All versions
Microsoft Office	Version 2003 sp3
Microsoft Office	Version xp sp3
Microsoft Office Web Components	Version 2000 sp3
Microsoft Office Web Components	Version 2003 sp1
Microsoft Office Web Components	Version 2003 sp3
Microsoft Office Web Components	Version xp sp3

Running on/with	Platform Versions
Microsoft Biztalk Server	Version 2002
Microsoft Visual Studio .net	Version 2003 sp1

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

http://osvdb.org/56916

Source: secure@microsoft.com

http://www.securityfocus.com/bid/35992

Source: secure@microsoft.com

Patch

http://www.securitytracker.com/id?1022708

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326

Source: secure@microsoft.com

http://osvdb.org/56916

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35992

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securitytracker.com/id?1022708

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-223A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.