CVE-2009-1534

CVSS V2 High 9.3 CVSS V3 None
Description
Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
Overview
  • CVE ID
  • CVE-2009-1534
  • Assigner
  • secure@microsoft.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-08-12T17:30:00
  • Last Modified Date
  • 2018-10-12T21:51:17
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:microsoft:biztalk_server:2002:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:microsoft:isa_server:2004:sp3:enterprise:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:isa_server:2004:sp3:standard:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:isa_server:2006:sp1:enterprise:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:isa_server:2006:sp1:standard:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office:-:*:small_business_accounting_2006:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office_web_components:2000:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office_web_components:2003:sp1:2007_microsoft_office:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office_web_components:2003:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:office_web_components:xp:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/35992 Patch
http://osvdb.org/56916
http://www.securitytracker.com/id?1022708
http://www.us-cert.gov/cas/techalerts/TA09-223A.html US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2009-1534
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1534
History
Created Old Value New Value Data Type Notes
2022-05-10 18:24:48 Added to TrackCVE