• 공개일 : 2009-07-16
• 변경일 : 2010-08-21

• 위험도: 9.3
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 보통
• 인증 : 없음
• 기밀성 영향 : 전체
• 무결성 영향 : 전체
• 가용성 영향 : 전체
• 출처 : http://nvd.nist.gov
• 공개일 : 2009-07-16

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."

• CERT, TA09-223A
• MS, MS09-043
• MISC, http://xeye.us/blog/2009/07/one-0day/
• CONFIRM, http://www.microsoft.com/technet/security/advisory/973472.mspx
• MISC, http://trac.metasploit.com/browser/framework3/trunk/modules/exploits/win..
• MISC, http://isc.sans.org/diary.html?storyid=6778
• CONFIRM, http://blogs.technet.com/srd/archive/2009/07/13/more-information-abou..
• CONFIRM, http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-a..

• microsoft isa_server 2004 standard
• microsoft isa_server 2006
• microsoft isa_server 2006
• microsoft isa_server 2004 enterprise
• microsoft office_web_components 2003 2007_microsoft_office
• microsoft office 2003
• microsoft office_web_components xp
• microsoft isa_server 2006
• microsoft office 2003 small_business_accounting_2006
• microsoft office_web_components 2003
• microsoft office_xp sp3