Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1534

CWE-119Buffer Overflow4 documents4 sources
Severity
9.3CRITICAL
EPSS
75.4%
top 1.11%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Microsoft ISA ServerMicrosoft OfficeMicrosoft Office WEB Components
Timeline
PublishedAug 12
Latest updateMay 2

Description

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/office_web_components2000, 2003, xp+2
NVDmicrosoft/office2003, xp+1
NVDmicrosoft/isa_server2004, 2006+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-5vwg-gcr8-f2hf: Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3,2022-05-02
CVEList
CVE-2009-1534: Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3,2009-08-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft OWC Spreadsheet - HTMLURL Buffer Overflow (MS09-043) (Metasploit)2010-04-30
CVE-2009-1534 (CRITICAL CVSS 9.3) | Buffer overflow in the Office Web C | cvebase.io