Strix
26.1K

CVE-2009-0562

UnknownEPSS 25.65%

Last modified

CVE-2009-0562 is a vulnerability of currently unknown severity. The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability.". EPSS estimates a 25.65% chance of exploitation in the next 30 days.

Description

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."

Metrics

EPSS Probability
25.65%

97.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
MicrosoftIsa Server2004Sp3
MicrosoftIsa Server2006Sp1
MicrosoftOfficeAll versions
MicrosoftOffice2003Sp3
MicrosoftOfficexpSp3
MicrosoftOffice Web Components2000Sp3
MicrosoftOffice Web Components2003Sp1
MicrosoftOffice Web ComponentsxpSp3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2009-0562?
The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
How severe is CVE-2009-0562?
Severity scoring for CVE-2009-0562 is pending analysis. The EPSS model estimates a 25.65% probability of exploitation in the next 30 days.
How do I fix CVE-2009-0562?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0562?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST