Back to CVE Browser

CVE-2009-1534

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0190%

EPSS Percentile34.66th

PublishedAug 12, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Isa Server

= 2004

📦

Microsoft

Isa Server

= 2004

📦

Microsoft

Isa Server

= 2006

📦

Microsoft

Isa Server

= 2006

📦

Microsoft

Office

All versions

📦

Microsoft

Office

= 2003

📦

Microsoft

Office

= xp

📦

Microsoft

Office Web Components

= 2000

📦

Microsoft

Office Web Components

= 2003

📦

Microsoft

Office Web Components

= 2003

📦

Microsoft

Office Web Components

= xp

References & Advisories

🔗 http://osvdb.org/56916

🔗 http://www.securityfocus.com/bid/35992

🔗 http://www.securitytracker.com/id?1022708

🔗 http://www.us-cert.gov/cas/techalerts/TA09-223A.html

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326

🔗 http://osvdb.org/56916

🔗 http://www.securityfocus.com/bid/35992

Related Vulnerabilities

CVE-2006-702710.0

Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab...

CVE-2006-662710.0

Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivi...

CVE-2009-11369.3

The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2...

CVE-2009-05629.3

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 W...