Microsoft Corporation Information for VU#654577

Microsoft Office Web Components Spreadsheet ActiveX control URL parsing stack buffer overflow



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



This issue is addressed in Microsoft Security Bulletin MS08-017. This update provides a newer version of MSOWC.DLL, sets the kill bit for the vulnerable versions of the Microsoft Office Spreadsheet control, and sets the phoenix bit to retain compatibility with web pages that refer to the old CLSID for the Spreadsheet control.

If you have feedback, comments, or additional information about this vulnerability, please send us email.