HTTP: Unsafe Microsoft Office Web Components ActiveX Control
This signature detects unsafe ActiveX components in Microsoft Office Web Components versions 10 and 11. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the OWC10.Spreadsheet ActiveX control. The control is identified by the following CLSIDs: 0002E541-0000-0000-C000-000000000046 0002E559-0000-0000-C000-000000000046 An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Affected Products
Microsoft office_2003_web_components_for_office_2007_sp1
References
BugTraq: 35991 35642 35990 35992
CVE: CVE-2009-1534
URL: http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=819 http://www.zerodayinitiative.com/advisories/zdi-09-055/ http://www.zerodayinitiative.com/advisories/zdi-09-056/ http://www.zerodayinitiative.com/advisories/zdi-09-054/
Short Name
HTTP:STC:ACTIVEX:OWC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
ActiveX CVE-2009-0562 CVE-2009-1136 CVE-2009-1534 CVE-2009-2496 Components Control Microsoft Office Unsafe Web bid:35642 bid:35990 bid:35991 bid:35992
Release Date
07/13/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3