The Microsoft Office Web Components ActiveX controls contain a stack buffer overflow in the processing of URLs, which allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Office Web Components are ActiveX controls that provide Microsoft Office functionality, such as spreadsheets, tables, and charts. These ActiveX controls are provided by the file MSOWC.DLL. Several of the ActiveX controls provided by MSOWC.DLL are marked Safe for Scripting and Safe for Initialization, which means that they can be controlled by a web page in Internet Explorer. Microsoft Office Web Components are provided by multiple products including
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
This vulnerability was reported by Microsoft, who in turn credit Chris Ries of VigilantMinds and Xiao Hui of NCNIPC.
This document was written by Will Dormann.
|Date First Published:||2008-03-12|
|Date Last Updated:||2008-03-13 15:08 UTC|