CVE-2009-1534

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

Published: Aug 12, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-1534
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
microsoft / office_web_components	2000-sp3	2000-sp3.x
microsoft / office_web_components	xp-sp3	xp-sp3.x
microsoft / office	xp-sp3	xp-sp3.x
microsoft / isa_server	2006-sp1	2006-sp1.x
microsoft / isa_server	2004-sp3	2004-sp3.x
microsoft / office_web_components	2003-sp1	2003-sp1.x
microsoft / office_web_components	2003-sp3	2003-sp3.x
microsoft / office	2003-sp3	2003-sp3.x

http://osvdb.org/56916
http://www.securityfocus.com/bid/35992
http://www.securitytracker.com/id?1022708
http://www.us-cert.gov/cas/techalerts/TA09-223A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326

Vulnerability Database

289,599

CVE-2009-1534