CVE-2009-0562

CWE-3993 documents3 sources
Severity
9.3CRITICAL
EPSS
62.2%
top 1.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft ISA ServerMicrosoft OfficeMicrosoft Office WEB Components
Timeline
PublishedAug 12
Latest updateMay 2

Description

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office We

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/office_web_components2000, 2003, xp+2
NVDmicrosoft/office2003, xp+1
NVDmicrosoft/isa_server2004, 2006+1

🔴Vulnerability Details

2
GHSA
GHSA-wvqf-rrqc-53gr: The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, O2022-05-02
CVEList
CVE-2009-0562: The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, O2009-08-12
CVE-2009-0562 (CRITICAL CVSS 9.3) | The Office Web Components ActiveX C | cvebase.io