Microsoft Security Advisory: Vulnerability in the Microsoft Office Web Components control could allow remote code execution

Article ID: 973472 - View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/973472.mspx
(http://www.microsoft.com/technet/security/advisory/973472.mspx)

RESOLUTION

Microsoft has completed the investigation into a public report of this vulnerability. We have issued security bulletin MS09-043
(http://go.microsoft.com/fwlink/?LinkID=128110)
to address this issue. For more information about this issue, including download links for an available security update, please review security bulletin MS09-043
(http://go.microsoft.com/fwlink/?LinkID=128110)
. The vulnerability that is addressed is the Microsoft Office Web Components Control Vulnerability - CVE-2009-1136.

For more information about how to obtain the security update release that resolves this issue, click the following article number to view the article in the Microsoft Knowledge Base:
957638
(http://support.microsoft.com/kb/957638/ )
MS09-043: Cumulative Security Update for ActiveX Kill Bits
For more information about security bulletin MS09-043, visit the following Microsoft Web page:
http://go.microsoft.com/fwlink/?LinkID=128110
(http://go.microsoft.com/fwlink/?LinkID=128110)
For more information about the Microsoft Office Web Components Control Vulnerability, visit the following Common Vulnerabilities and Exposures Web page:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1136
(http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1136)
Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Properties

Article ID: 973472 - Last Review: August 11, 2009 - Revision: 4.1
APPLIES TO
  • Microsoft Office Small Business Accounting 2006
  • Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2003 Web Components
  • Microsoft Office XP, All Editions Service Pack 3 (SP-3)
  • Microsoft Office XP Web Components
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
  • Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Keywords: 
kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability kbsurveynew KB973472
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top