Threat Monitor
JS.Exploit.Execode.B
| Aliase: | |
|---|---|
| Pattern: | 200907221330 |
| Threat Typ | Verbreitung | Betroffene Systeme | Gefährlichkeit |
|---|---|---|---|
|
|
|
|
This malicious program exploits vulnerability CVE-2009-1136.
Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11) is prone to a vulnerability. The ActiveX control is identified by the following CLSIDs: {0002E541-0000-0000-C000-000000000046},{0002E559-0000-0000-C000-000000000046}. The vulnerability exists due to the Evalute() in the OWC ActiveX control via a not valid argument to the function and can be exploited to corrupt memory. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site and execute arbitrary code on the target system.
The sample is a demonstration. IE will crash if the sample runs in a system with ActiveX control.
Affected Versions:
Microsoft ISA Server 2006 SP1
Microsoft ISA Server 2006
Microsoft ISA Server 2004 SP3
Microsoft Office XP SP3
Microsoft Office 2003 Service Pack 3
Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11) is prone to a vulnerability. The ActiveX control is identified by the following CLSIDs: {0002E541-0000-0000-C000-000000000046},{0002E559-0000-0000-C000-000000000046}. The vulnerability exists due to the Evalute() in the OWC ActiveX control via a not valid argument to the function and can be exploited to corrupt memory. An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site and execute arbitrary code on the target system.
The sample is a demonstration. IE will crash if the sample runs in a system with ActiveX control.
Affected Versions:
Microsoft ISA Server 2006 SP1
Microsoft ISA Server 2006
Microsoft ISA Server 2004 SP3
Microsoft Office XP SP3
Microsoft Office 2003 Service Pack 3
