CVE-2009-1534

Microsoft Isa Server - Memory Corruption

Title source: rule

Description

Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16542

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms09_043_owc_htmlurl.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/56916

[Patch] http://www.securityfocus.com/bid/35992

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022708

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA09-223A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6326

Scores

EPSS 0.7543

EPSS Percentile 98.9%

Details

CWE

CWE-119

Status published

Products (8)

microsoft/isa_server 2004 sp3 (2 CPE variants)

microsoft/isa_server 2006 sp1 (2 CPE variants)

microsoft/office

microsoft/office 2003 sp3

microsoft/office xp sp3

microsoft/office_web_components 2000 sp3

microsoft/office_web_components 2003 sp1 (2 CPE variants)

microsoft/office_web_components xp sp3

Published Aug 12, 2009

Tracked Since Feb 18, 2026